ComboFix

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#46 Post by ADMONEY »

Here is the MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#47 Post by ADMONEY »

Sorry, here is the MBR log once more:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x87149580]<<
kernel: MBR read successfully
user & kernel MBR OK

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: ComboFix

#48 Post by motji »

Fine, carry on with the big GMER; if it won't run for you, try it in Safe Mode. :)
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#49 Post by ADMONEY »

GMER is fine, it runs normally in Windows :), it is still scanning.

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#50 Post by ADMONEY »

The GMER log is attached. It did not fit here - the maximum allowed number of characters was exceeded :)
Attachments
gmer.rar
(3.97 KiB) Downloaded 47 times

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: ComboFix

#51 Post by motji »

I will paste the log here so I can find my way around it more easily :)

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7065900]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xEFD35400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlock C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlock" section [0xEFDD9620]
.protect˙˙˙˙hardlock C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xEFDD9400, 0x5126, 0xE0000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xEFA86F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1424] ntdll.dll!NtQueryDirectoryFile + 6 7C90DF64 4 Bytes [90, 61, CA, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0x50 0xB0 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SOFTWARE\Classes\.package@ package_auto_file
Reg HKLM\SOFTWARE\Classes\ASP.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\ASP.HostEncode\CLSID@ {0CF774D1-F077-11D1-B1BC-00C04F86C324}
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW@ IEFW Object
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW\CLSID
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW\CLSID@ {FAAD2038-C371-473d-86F1-5B11D39C3775}
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW\CurVer
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW\CurVer@ AVIEBHO.IEFW.2
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW.2@ IEFW Object
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW.2\CLSID
Reg HKLM\SOFTWARE\Classes\AVIEBHO.IEFW.2\CLSID@ {FAAD2038-C371-473d-86F1-5B11D39C3775}
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKLM\SOFTWARE\Classes\ECMAScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\ECMAScript\CLSID
Reg HKLM\SOFTWARE\Classes\ECMAScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\ECMAScript\OLEScript
Reg HKLM\SOFTWARE\Classes\HTML.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\HTML.HostEncode\CLSID@ {0CF774D0-F077-11D1-B1BC-00C04F86C324}
Reg HKLM\SOFTWARE\Classes\JavaScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JavaScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.1@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript1.1\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.1\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.1\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.2@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript1.2\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.2\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.2\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 Author\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.3@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript1.3\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.3\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.3\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\JScript\CLSID
Reg HKLM\SOFTWARE\Classes\JScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\JScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript.Encode@ JScript Language Encoding
Reg HKLM\SOFTWARE\Classes\JScript.Encode\CLSID
Reg HKLM\SOFTWARE\Classes\JScript.Encode\CLSID@ {f414c262-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript.Encode\OLEScript
Reg HKLM\SOFTWARE\Classes\JSFile.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\JSFile.HostEncode\CLSID@ {85131630-480C-11D2-B1F9-00C04F86C324}
Reg HKLM\SOFTWARE\Classes\LiveScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\LiveScript\CLSID
Reg HKLM\SOFTWARE\Classes\LiveScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\LiveScript\OLEScript
Reg HKLM\SOFTWARE\Classes\LiveScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\LiveScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\LiveScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\LiveScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing Service
Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid
Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-00C04FD611D7}
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup for Indexing Service
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964-00C04FD611D7}
Reg HKLM\SOFTWARE\Classes\MSScriptControl.ScriptControl@ ScriptControl Object
Reg HKLM\SOFTWARE\Classes\MSScriptControl.ScriptControl\CLSID
Reg HKLM\SOFTWARE\Classes\Scripting.FileSystemObject\CLSID@ {0D43FE01-F093-11CF-8940-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\VBS@ VB Script Language
Reg HKLM\SOFTWARE\Classes\VBS\CLSID
Reg HKLM\SOFTWARE\Classes\VBS\CLSID@ {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
Reg HKLM\SOFTWARE\Classes\VBS\OLEScript
Reg HKLM\SOFTWARE\Classes\VBS Author@ VB Script Language Authoring
Reg HKLM\SOFTWARE\Classes\VBS Author\CLSID
Reg HKLM\SOFTWARE\Classes\VBS Author\CLSID@ {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
Reg HKLM\SOFTWARE\Classes\VBS Author\OLEScript
Reg HKLM\SOFTWARE\Classes\VBScript@ VB Script Language
Reg HKLM\SOFTWARE\Classes\VBScript\CLSID
Reg HKLM\SOFTWARE\Classes\VBScript\CLSID@ {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
Reg HKLM\SOFTWARE\Classes\VBScript\OLEScript
Reg HKLM\SOFTWARE\Classes\VBScript Author@ VB Script Language Authoring
Reg HKLM\SOFTWARE\Classes\VBScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\VBScript Author\CLSID@ {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
Reg HKLM\SOFTWARE\Classes\VBScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\VBScript.Encode@ VBScript Language Encoding
Reg HKLM\SOFTWARE\Classes\VBScript.Encode\CLSID
Reg HKLM\SOFTWARE\Classes\VBScript.Encode\CLSID@ {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
Reg HKLM\SOFTWARE\Classes\VBScript.Encode\OLEScript
Reg HKLM\SOFTWARE\Classes\VBScript.RegExp@ VBScript Regular Expression
Reg HKLM\SOFTWARE\Classes\VBScript.RegExp\CLSID
Reg HKLM\SOFTWARE\Classes\VBScript.RegExp\CLSID@ {3F4DACA4-160D-11D2-A8E9-00104B365C9F}
Reg HKLM\SOFTWARE\Classes\VBScript.RegExp\OLEScript
Reg HKLM\SOFTWARE\Classes\VBSFile.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\VBSFile.HostEncode\CLSID@ {85131631-480C-11D2-B1F9-00C04F86C324}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids@ şĹ\0\x2d9\x2d9\x2d9\x2d9xÍS\23\x2d9\x2d9\x2d9\x2d9ě=>\0č=>\0004şĹ\0hlp\0ôŔE\0ě=>\0lkT\23\3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids@ şĹ\0\x2d9\x2d9\x2d9\x2d9xÍS\23\x2d9\x2d9\x2d9\x2d9ě=>\0č=>\0004şĹ\0hlp\0ôŔE\0ě=>\0lkT\23\3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids@ şĹ\0\x2d9\x2d9\x2d9\x2d9xÍS\23\x2d9\x2d9\x2d9\x2d9ě=>\0č=>\0004şĹ\0hlp\0ôŔE\0ě=>\0lkT\23\3

---- Files - GMER 1.0.15 ----

File C:\ACERNB\NAV2006\Support\SymNet\SymNet\System32\Drivers\symndis.sys (size mismatch) 27792/182912 bytes executable
File C:\Documents and Settings\Karel\Plocha\mbr.log 251 bytes
File C:\RECYCLER 0 bytes
File C:\RECYCLER\S-1-5-21-234633930-1686313516-2344982973-1006 0 bytes
File C:\RECYCLER\S-1-5-21-234633930-1686313516-2344982973-1006\Dc1.log 1076 bytes
File C:\RECYCLER\S-1-5-21-234633930-1686313516-2344982973-1006\Dc2.log 195 bytes
File C:\RECYCLER\S-1-5-21-234633930-1686313516-2344982973-1006\Dc3.log 251 bytes
File C:\RECYCLER\S-1-5-21-234633930-1686313516-2344982973-1006\desktop.ini 65 bytes
File C:\RECYCLER\S-1-5-21-234633930-1686313516-2344982973-1006\INFO2 2420 bytes
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212736/182912 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212736/182912 bytes executable
File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 46208/182912 bytes executable

---- EOF - GMER 1.0.15 ----

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: ComboFix

#52 Post by motji »

Do you have Norton Antivirus installed?

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#53 Post by ADMONEY »

Yes, I have Norton installed here, but it seems to be partly broken: Norton can neither be started nor uninstalled. Could it be uninstalled - removed from the PC - in some other way? :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: ComboFix

#54 Post by motji »

Try downloading the uninstaller from here
http://www.raymond.cc/blog/archives/200 ... #more-2878

And once you have uninstalled it, post an RSIT log. Judging by the GMER log, it looks like the Norton driver is infected too :o
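The helper's reading of the GMER log rests on two things visible in the posts above: the Files section flags several copies of ndis.sys and symndis.sys with "(size mismatch)", and the second MBR detector run reports an UNKNOWN called module. The script below is an added example, not code from this thread or from GMER, that pulls exactly those facts out of such output so a helper can triage a posted log without reading it line by line. The line shapes it parses are assumed from the lines in this thread, not from any GMER documentation; the sample inputs are constructed from the logs posted above, and the meaning of the two sizes GMER prints is deliberately not asserted.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines in the shape of the GMER 1.0.15 "Files" section,
# taken from the log posted in this thread (a subset; values as printed there).
SAMPLE_GMER_LOG = r"""---- Files - GMER 1.0.15 ----

File C:\ACERNB\NAV2006\Support\SymNet\SymNet\System32\Drivers\symndis.sys (size mismatch) 27792/182912 bytes executable
File C:\Documents and Settings\Karel\Plocha\mbr.log 251 bytes
File C:\RECYCLER 0 bytes
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212736/182912 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212736/182912 bytes executable
File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 46208/182912 bytes executable

---- EOF - GMER 1.0.15 ----
"""

# Constructed sample: the second MBR detector output posted in this thread.
SAMPLE_MBR_OUTPUT = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x87149580]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

# Line shapes assumed from the log lines above (not a documented GMER grammar):
#   File <path> <size> bytes[ executable]
#   File <path> (size mismatch) <size_a>/<size_b> bytes[ executable]
FILE_LINE = re.compile(
    r"^File (?P<path>.+?)"
    r"(?: \(size mismatch\) (?P<size_a>\d+)/(?P<size_b>\d+)| (?P<size>\d+))"
    r" bytes(?P<exe> executable)?$"
)
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def parse_files_section(log: str) -> List[Dict]:
    """Return one dict per recognised line of the '---- Files ----' section."""
    entries: List[Dict] = []
    in_files = False
    for line in log.splitlines():
        if line.startswith("---- "):          # section header or EOF marker
            in_files = line.startswith("---- Files")
            continue
        if not in_files or not line.strip():
            continue
        m = FILE_LINE.match(line)
        if m is None:
            continue                          # unrecognised shape: skip, do not guess
        if m.group("size_a") is not None:
            sizes: Tuple[int, ...] = (int(m.group("size_a")), int(m.group("size_b")))
        else:
            sizes = (int(m.group("size")),)
        entries.append({
            "path": m.group("path"),
            "mismatch": m.group("size_a") is not None,
            "sizes": sizes,                   # as printed by GMER, order preserved
            "executable": m.group("exe") is not None,
        })
    return entries


def size_mismatches(log: str) -> List[Dict]:
    """Only the entries GMER flagged with '(size mismatch)'."""
    return [e for e in parse_files_section(log) if e["mismatch"]]


def group_by_second_size(entries: List[Dict]) -> Dict[int, List[str]]:
    """Group mismatched files by the second size GMER printed.

    Several distinct drivers sharing one value (in this thread ndis.sys and
    both symndis.sys copies all show 182912) is the pattern worth surfacing
    rather than leaving buried in the list."""
    groups: Dict[int, List[str]] = {}
    for e in entries:
        groups.setdefault(e["sizes"][1], []).append(e["path"])
    return groups


def mbr_findings(output: str) -> Dict:
    """Pull the two facts that matter out of the Gmer MBR detector output."""
    result: Dict = {"mbr_ok": False, "unknown_modules": []}
    for line in output.splitlines():
        if line.strip() == "user & kernel MBR OK":
            result["mbr_ok"] = True
        elif line.startswith("called modules:"):
            result["unknown_modules"] = UNKNOWN_MODULE.findall(line)
    return result


def triage(gmer_log: str, mbr_output: str) -> Dict:
    """One summary a helper can read before deciding which log to ask for next."""
    mism = size_mismatches(gmer_log)
    return {
        "size_mismatch_paths": [e["path"] for e in mism],
        "executable_mismatches": sum(1 for e in mism if e["executable"]),
        "shared_second_size": group_by_second_size(mism),
        "mbr": mbr_findings(mbr_output),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_GMER_LOG, SAMPLE_MBR_OUTPUT), indent=2))
```

Run stand-alone it prints a JSON summary of the constructed samples; pointed at a full log it gives the same summary for whatever the Files section contains. The output is a pointer to what to look at next (the driver files GMER flagged, the module the MBR detector could not identify), not a verdict: an unrecognised line shape is skipped rather than guessed at, and a clean "user & kernel MBR OK" is reported alongside the UNKNOWN module rather than overriding it, because the second MBR run in this thread shows both at once.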

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#55 Post by ADMONEY »

Alright, :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: ComboFix

#56 Post by motji »

And once you have uninstalled it - restart the PC - could you run one more GMER scan, with only the File option ticked?

ADMONEY
Guest
Posts: 32
Registered: 18 Apr 2010 14:30

Re: ComboFix

#57 Post by ADMONEY »

Norton Antivirus appears to have been uninstalled successfully with the utility you recommended :), after uninstalling it I ran an RSIT scan, here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-20 17:34:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 43 GB (59%) free of 74 GB
Total RAM: 1023 MB (80% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-08 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-07 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2009-03-10 2079256]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-07-02 2215960]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-07 148888]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-02-09 295856]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-08-26 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
C:\WINDOWS\system32\SysMonitor.exe [2006-04-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-06-09 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCam]
C:\Program Files\NCH Software\BroadCam\broadcam.exe [2009-12-07 946180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 401408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
C:\WINDOWS\system32\ImageItEncrypt.exe [2005-12-30 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2006-05-04 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Acer TV-FM\PCMService.exe [2006-03-29 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
C:\Program Files\RAM Idle LE\RAM_XP.exe [2006-01-17 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
SiSPower.dll,ModeAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-05-11 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD@ccess.lnk]
C:\PROGRA~1\APPLEC~1\DVD@CC~1\DVDACC~1.EXE [2003-11-21 888832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Philips ×°ÖĂąÜŔíÔ±.lnk]
C:\PROGRA~1\Philips\GOGEAR~1\main.exe [2009-04-10 119296]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-01 61440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer TV-FM\PowerCinema.exe"="C:\Program Files\Acer TV-FM\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\Program Files\Acer TV-FM\PCMService.exe"="C:\Program Files\Acer TV-FM\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\CulinatiX\SQL Anywhere 7\win32\rteng7.exe"="C:\Program Files\CulinatiX\SQL Anywhere 7\win32\rteng7.exe:*:Disabled:Adaptive Server Anywhere Database Engine"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\WPMP150\miranda32.exe"="C:\Program Files\WPMP150\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Program pro přenos souborů"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Karel\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Karel\temp\TeamViewer\Version4\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Codemasters\Operation Flashpoint\OperationFlashpoint.exe"="C:\Program Files\Codemasters\Operation Flashpoint\OperationFlashpoint.exe:*:Enabled:Operation Flashpoint"
"C:\Documents and Settings\Karel\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Karel\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-04-20 17:34:20 ----D---- C:\rsit
2010-04-20 13:15:39 ----SHD---- C:\RECYCLER
2010-04-20 12:36:32 ----A---- C:\WINDOWS\system32\CF16066.exe
2010-04-20 12:01:23 ----D---- C:\A
2010-04-18 17:29:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2010-04-18 16:56:47 ----D---- C:\Program Files\trend micro
2010-04-18 16:54:15 ----A---- C:\RSIT.exe
2010-04-18 15:03:51 ----A---- C:\Boot.bak
2010-04-18 15:03:45 ----RASHD---- C:\cmdcons
2010-04-18 15:02:10 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-18 15:02:10 ----A---- C:\WINDOWS\MBR.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\zip.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\SWSC.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\SWREG.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\sed.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\PEV.exe
2010-04-18 15:02:09 ----A---- C:\WINDOWS\grep.exe
2010-04-18 14:58:53 ----D---- C:\WINDOWS\ERDNT
2010-04-18 14:58:52 ----A---- C:\WINDOWS\system32\CF3953.exe
2010-04-18 14:58:51 ----D---- C:\Qoobox
2010-04-18 14:41:15 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-04-18 13:35:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2010-04-18 13:00:08 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-04-18 11:54:32 ----A---- C:\WINDOWS\imsins.BAK
2010-04-18 11:30:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-18 11:01:18 ----D---- C:\Program Files\ICQ7.1
2010-04-17 23:55:45 ----D---- C:\Program Files\RAM Idle LE
2010-04-17 23:15:52 ----D---- C:\Program Files\MyAshampoo
2010-04-17 22:26:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Boss Media
2010-04-17 21:43:55 ----D---- C:\Program Files\ICQ7(2).1
2010-04-13 19:19:03 ----D---- C:\Config.Msi
2010-04-13 15:08:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-04-08 18:24:46 ----D---- C:\Program Files\JeSim
2010-04-03 17:55:27 ----D---- C:\Program Files\Rockstar Games
2010-03-28 22:02:33 ----D---- C:\Program Files\Common Files\Skype
2010-03-28 13:50:24 ----D---- C:\Program Files\XviD
2010-03-27 14:12:58 ----A---- C:\WINDOWS\lagarith.ini
2010-03-27 13:25:28 ----A---- C:\WINDOWS\system32\lagarith.dll
2010-03-27 13:25:26 ----A---- C:\WINDOWS\unins000.exe
2010-03-27 10:04:08 ----D---- C:\Program Files\AbleMP3

======List of files/folders modified in the last 1 months======

2010-04-20 17:32:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 17:27:00 ----D---- C:\Program Files\Symantec
2010-04-20 17:27:00 ----AD---- C:\WINDOWS\system32\drivers
2010-04-20 17:27:00 ----AD---- C:\WINDOWS\system32
2010-04-20 17:26:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-04-20 17:26:57 ----D---- C:\Program Files\Norton AntiVirus
2010-04-20 17:26:20 ----SHD---- C:\WINDOWS\Installer
2010-04-20 17:24:10 ----D---- C:\WINDOWS\Prefetch
2010-04-20 16:17:34 ----D---- C:\WINDOWS\temp
2010-04-20 13:09:37 ----SD---- C:\WINDOWS\Tasks
2010-04-20 13:09:27 ----AD---- C:\WINDOWS
2010-04-20 12:48:06 ----A---- C:\WINDOWS\system.ini
2010-04-20 12:45:43 ----D---- C:\WINDOWS\AppPatch
2010-04-20 12:45:40 ----D---- C:\Program Files\Common Files
2010-04-20 12:42:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 10:05:26 ----D---- C:\Program Files\TrackMania Nations ESWC
2010-04-19 20:28:15 ----D---- C:\Program Files\rajce
2010-04-19 19:05:07 ----D---- C:\WINDOWS\msdownld.tmp
2010-04-19 17:56:17 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-04-18 16:56:47 ----D---- C:\Program Files
2010-04-18 16:36:19 ----AD---- C:\WINDOWS\system
2010-04-18 16:00:57 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-18 16:00:55 ----HD---- C:\WINDOWS\inf
2010-04-18 15:18:14 ----D---- C:\WINDOWS\system32\config
2010-04-18 15:03:51 ----RASH---- C:\boot.ini
2010-04-18 14:41:34 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-18 14:37:07 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-18 13:57:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-18 11:30:44 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-18 11:23:48 ----D---- C:\Program Files\rkEdit
2010-04-18 11:02:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-04-18 10:03:44 ----A---- C:\WINDOWS\win.ini
2010-04-18 10:03:43 ----D---- C:\WINDOWS\pss
2010-04-18 00:48:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-17 23:02:44 ----D---- C:\Program Files\uTorrent
2010-04-17 22:48:19 ----D---- C:\Program Files\Windows Media Player
2010-04-17 22:26:55 ----D---- C:\WINDOWS\system32\wbem
2010-04-17 22:26:55 ----D---- C:\WINDOWS\Registration
2010-04-17 22:26:34 ----D---- C:\Program Files\Mozilla Firefox
2010-04-17 22:25:00 ----D---- C:\Program Files\Google
2010-04-17 22:22:21 ----D---- C:\Program Files\Internet Explorer
2010-04-15 21:30:19 ----RSD---- C:\WINDOWS\Fonts
2010-04-13 18:56:52 ----D---- C:\WINDOWS\Debug
2010-04-10 21:12:14 ----D---- C:\Program Files\Sony
2010-04-10 21:12:02 ----D---- C:\Program Files\VstPlugins
2010-04-08 14:36:04 ----D---- C:\Fraps
2010-04-06 20:17:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-03 23:32:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-02 20:03:40 ----D---- C:\WINDOWS\Help
2010-03-31 20:18:10 ----D---- C:\Program Files\ICQToolbar
2010-03-26 22:06:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-26 21:48:17 ----D---- C:\Program Files\WPMP150

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-12-07 13567]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-01-26 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
S1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
S1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-03-13 114496]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-26 52224]
S1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-26 11904]
S2 DVDAccss;DVDAccss; C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 29156]
S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-12-27 127872]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-01 1479680]
S3 catchme;catchme; \??\C:\DOCUME~1\Karel\LOCALS~1\Temp\catchme.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-30 25280]
S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 jfdcd;jfdcd; \??\C:\DOCUME~1\Ivanka\LOCALS~1\Temp\jfdcd.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2005-12-27 88960]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-07 47360]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-12-27 392704]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-04 261632]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2005-12-27 32256]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys []
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-16 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2006-05-04 438272]
S2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
S2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-01 405504]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 BroadCamService;BroadCam Video Streaming Server; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2009-12-07 946180]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe [2006-03-29 266338]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe [2006-03-29 114784]
S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe [2006-03-29 1073152]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-08 194032]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-07 152984]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-31 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: ComboFix

#58 Post by motji »

I'd still ask for that log from Gmer - the File tab :)
I need to find out whether the infected driver is still there. These repairs take a lot of scans, and on top of that the bugger keeps blocking the changes, but we've already uncovered him, the rascal :)