Page 2 of 3

Re: Please check my log

Posted: 30 Dec 2011 23:14
by PavelP

Re: Please check my log

Posted: 30 Dec 2011 23:15
by PavelP
So hopefully that is everything you wanted.

Re: Please check my log

Posted: 01 Jan 2012 20:53
by vyosek

Re: Please check my log

Posted: 03 Jan 2012 06:43
by PavelP
Hello, it ran all night and did not find any errors.

Re: Please check my log

Posted: 03 Jan 2012 12:02
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE THINGS AND MUST ONLY BE USED ON A HELPER'S RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts a license agreement page appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and after a restart, if one is needed) CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions including screenshots are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Please check my log

Posted: 03 Jan 2012 17:10
by PavelP
ComboFix 12-01-03.04 - Zdeňka 03.01.2012 16:41:42.6.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2038.522 [GMT 1:00]
Running from: c:\users\Zde˛ka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-03 15:58 . 2012-01-03 15:59 -------- d-----w- c:\users\Zdeňka\AppData\Local\temp
2012-01-03 15:58 . 2012-01-03 15:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-03 15:58 . 2012-01-03 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 15:35 . 2012-01-03 15:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96CD7716-FFB4-4496-A63E-8EBBE5C30DE9}\offreg.dll
2012-01-03 15:34 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96CD7716-FFB4-4496-A63E-8EBBE5C30DE9}\mpengine.dll
2011-12-30 15:07 . 2011-12-30 15:07 -------- d-----w- c:\program files\HD Tune
2011-12-29 20:06 . 2011-12-29 20:06 -------- d-----w- C:\_OTL
2011-12-27 19:46 . 2011-12-27 19:46 -------- d-----w- C:\rsit
2011-12-15 18:52 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 18:52 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 18:52 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 18:52 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 18:52 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 18:52 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 18:51 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-07 20:57 . 2011-12-07 21:02 -------- d-----w- C:\USB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-10-28 12:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 11:26 . 2011-12-03 11:26 781383 ----a-w- C:\RSIT.exe
2011-11-28 18:01 . 2011-12-03 11:10 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-03 11:10 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-12-03 11:11 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-03 11:11 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-12-03 11:11 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-03 11:11 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-03 11:11 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-12-03 11:11 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-14 16:50 . 2011-05-26 04:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 20:43 . 2011-10-30 20:43 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-30 20:43 . 2011-10-30 20:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-30 20:43 . 2011-10-30 20:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-30 20:43 . 2011-10-30 20:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-30 20:43 . 2011-10-30 20:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-30 20:43 . 2011-10-30 20:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-30 20:43 . 2011-10-30 20:43 367104 ----a-w- c:\windows\system32\html.iec
2011-10-30 20:43 . 2011-10-30 20:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-30 20:43 . 2011-10-30 20:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-30 20:43 . 2011-10-30 20:43 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-30 20:43 . 2011-10-30 20:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-30 20:43 . 2011-10-30 20:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-30 20:43 . 2011-10-30 20:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-30 20:43 . 2011-10-30 20:43 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-30 20:43 . 2011-10-30 20:43 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-30 20:43 . 2011-10-30 20:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-30 20:43 . 2011-10-30 20:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-27 19:09 . 2011-10-27 19:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-10-07 16:47 . 2011-10-07 16:47 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 16:47 . 2011-10-07 16:47 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 16:47 . 2011-10-07 16:47 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 16:47 . 2011-10-07 16:47 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 16:47 . 2011-10-07 16:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 16:47 . 2011-10-07 16:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-11-15 02:13 . 2011-10-29 19:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\f03a7cb0-a92f-448f-81bd-952f33884137.exe" [2008-11-17 1805552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_15624656.lnk - c:\users\Zdeňka\AppData\Local\temp\_uninst_15624656.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-27 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-12-02 19:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Zdeňka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMTDeviceService]
2009-01-21 15:11 184320 ----a-w- c:\program files\AMT Media Manager\AMTDeviceService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCentre]
2008-05-13 15:33 483328 ----a-w- c:\genius\ioCentre4D\gBTMouseTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2011-05-26 03:43 208184 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
2011-10-29 19:45 4045824 ----a-w- c:\program files\ConMet\ConMet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
2011-05-26 03:43 182584 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"eRecoveryService"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-12-02 116608]
.
.
--- Other running services/drivers in memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{70F9BBA8-6A00-4B8F-8AAB-BAA0437BC842}: NameServer = 192.168.1.1,156.154.70.22
TCP: Interfaces\{866D0CF4-2766-4EB5-B90E-4D856CCFE35C}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Zdeňka\AppData\Roaming\Mozilla\Firefox\Profiles\wocu24ya.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-03 16:59
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4736)
c:\windows\system32\guard32.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2012-01-03 17:03:36
ComboFix-quarantined-files.txt 2012-01-03 16:03
.
Pre-run: 33,581,105,152 bytes free
Post-run: 32,922,411,008 bytes free
.
- - End Of File - - AEFB61701A5FADFB58910E89F2FF13C0
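
Reading the autorun section of a ComboFix log by hand comes down to asking, for every Run value and Startup entry, where the target lives and whether it still exists. The script below is an added example written for this page, not part of the thread and not a ComboFix feature: it parses the Run-key, Startup-folder and AppInit_DLLs lines in the format ComboFix prints, using a handful of lines copied from the log above as input, and flags entries that deserve a question: a target under a temp directory, a script rather than an executable image, a bare file name resolved through the search path, a target ComboFix could not stat ([N/A]), or any AppInit_DLLs value. The flags are review prompts, not verdicts. In this log the AppInit DLL is COMODO's guard32.dll, and the _uninst_15624656.bat entry under temp is the kind of leftover an installer's self-cleanup script leaves behind (an assumption, not something the log proves), but those are exactly the two entries a helper would ask about. The heuristics, reason strings and the list of script extensions are my choices.

```python
import re

# Lines copied from the ComboFix log above: two Run keys, one Startup-folder
# entry (with ComboFix's "[N/A]" where it could not stat the target) and the
# AppInit_DLLs value. Any ComboFix.txt can be fed in whole instead.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\f03a7cb0-a92f-448f-81bd-952f33884137.exe" [2008-11-17 1805552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_15624656.lnk - c:\users\Zdeňka\AppData\Local\temp\_uninst_15624656.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
"""

# Heuristics are assumptions chosen for this example, not ComboFix rules.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".hta", ".ps1")

RUN_SECTION = re.compile(r"\\run(once)?-?$")          # ...\Run, \RunOnce, \Run- (disabled)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
STARTUP_LNK = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$")
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<path>.+)$')


def parse_autoruns(log_text):
    """Yield (name, path, meta, kind) for Run values, Startup .lnk entries and AppInit_DLLs."""
    entries = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()          # remember which registry key we are under
            continue
        m = APPINIT.match(line)
        if m:
            entries.append(("AppInit_DLLs", m.group("path").strip(), "", "appinit"))
            continue
        if RUN_SECTION.search(section):
            m = RUN_VALUE.match(line)
            if m:
                entries.append((m.group("name"), m.group("path").strip(), m.group("meta") or "", "run"))
                continue
        m = STARTUP_LNK.match(line)
        if m:
            entries.append((m.group("name"), m.group("path").strip(), m.group("meta") or "", "startup"))
    return entries


def assess(path, meta, kind):
    """Return the list of reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    low = path.lower()
    if kind == "appinit":
        reasons.append("AppInit_DLLs set: DLL is loaded into every process that loads user32.dll")
    if any(t in low for t in TEMP_DIRS):
        reasons.append("target lives in a temp directory")
    if low.endswith(SCRIPT_EXT):
        reasons.append("target is a script, not an executable image")
    if "\\" not in low:
        reasons.append("bare file name: resolved through the search path at logon")
    if meta.strip().upper() == "N/A":
        reasons.append("ComboFix could not stat the target (file missing or inaccessible)")
    return reasons


def triage(log_text):
    """Return [(name, path, reasons)] for every autorun entry that raised at least one flag."""
    out = []
    for name, path, meta, kind in parse_autoruns(log_text):
        reasons = assess(path, meta, kind)
        if reasons:
            out.append((name, path, reasons))
    return out


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}\n    {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run it against a full ComboFix.txt by reading the file into `triage()`; entries that come back clean (Sidebar, avast, SUPERAntiSpyware here) are the ones with a full path under Program Files and a date/size stamp, which is what a helper skips over first.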

Re: Please check my log

Posted: 04 Jan 2012 01:48
by vyosek
:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • On that page pick the version for your operating system (32(x86)bit or 64(x64)bit)
  • Save it to your desktop and run it
  • Choose Uninstall and restart the PC - if the button cannot be clicked (it is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to your desktop and run it
  • Click Disable and restart the PC - if the button cannot be clicked (it is greyed out), skip this step
:arrow: Download MBR to your desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

:arrow: Click Start and then Run, or use the Win+R keyboard shortcut
  • A small window pops up; paste the text below into it
  • Code:

    "%userprofile%\Desktop\mbr" -t -s
  • Click OK
  • A log named mbr.txt is created on your desktop; paste its contents here
:arrow: Post the GMER logs - see my signature

Re: Please check my log

Posted: 04 Jan 2012 16:13
by PavelP
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HTS542516K9SA00 rev.BBCOC31P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82C86912] -> \Device\Harddisk0\DR0[0x86188AC8]
3 CLASSPNP[0x88D9D8B3] -> ntkrnlpa!IofCallDriver[0x82C86912] -> [0x85A9CC10]
5 acpi[0x806926BC] -> ntkrnlpa!IofCallDriver[0x82C86912] -> \Device\Ide\IdeDeviceP2T0L0-3[0x85AAD030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
user & kernel MBR OK
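
mbr.exe reads sector 0 through the user-mode path and again through the kernel disk stack it traces ("called modules: ..."), compares the two ("user & kernel MBR OK") and prints a disassembly of the boot code. The script below is an added example for this page, not the thread's or GMER's code: it parses a raw 512-byte MBR (440 bytes of boot code, the NT disk signature, four partition entries, the 0x55AA boot signature), hashes the boot-code bytes so they can be compared with a reference taken from a known-clean machine, and checks whether the sector starts with the stock Windows Vista/7 prologue whose disassembly appears in the output above. The sample sector is constructed inline (the real prologue bytes, zeros for the rest of the boot code, one made-up NTFS partition); the reference hash is computed from that sample and stands in for the one you would capture yourself from a clean install. The disk-signature value, partition geometry and the `tamper()` helper are my inventions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA

# Opening bytes of the stock Windows Vista/7 MBR, i.e. the instructions mbr.exe
# disassembled above: xor ax,ax / mov ss,ax / mov sp,0x7c00 / sti / push ax / pop es /
# push ax / pop ds / cld / mov si,0x7c1b / mov di,0x61b / push ax / push di /
# mov cx,0x1e5 / rep movsb / retf.
VISTA_PROLOGUE = bytes.fromhex(
    "33C0 8ED0 BC007C FB 50 07 50 1F FC BE1B7C BF1B06 50 57 B9E501 F3A4 CB".replace(" ", "")
)


def build_sample_mbr():
    """Constructed test sector: real prologue, zero-filled rest, one NTFS partition, valid signature."""
    code = VISTA_PROLOGUE.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"          # made-up disk signature
    # status, CHS start, type, CHS end, LBA start, sector count (all values invented)
    part0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 312_000_000)
    table = part0 + bytes(16 * 3)
    sector = code + disk_sig + table + b"\x55\xaa"
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector):
    """Decode one 512-byte MBR into a dict of the fields worth eyeballing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                                   # type 0 = unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "prologue_is_windows": sector.startswith(VISTA_PROLOGUE),
        "partitions": parts,
    }


def boot_code_matches(sector, reference_sha256):
    """True when the 440 boot-code bytes hash to the reference captured from a clean machine."""
    return parse_mbr(sector)["boot_code_sha256"] == reference_sha256


def tamper(sector, offset, value):
    """Copy of the sector with one boot-code byte changed, to stand in for an infected MBR."""
    b = bytearray(sector)
    b[offset] = value
    return bytes(b)


if __name__ == "__main__":
    clean = build_sample_mbr()
    reference = parse_mbr(clean)["boot_code_sha256"]   # capture this once from a clean install
    for label, sec in (("clean", clean), ("tampered", tamper(clean, 0x10, 0x90))):
        info = parse_mbr(sec)
        print(label, "55AA:", info["signature_ok"], "windows prologue:", info["prologue_is_windows"],
              "matches reference:", boot_code_matches(sec, reference), "partitions:", info["partitions"])
    # On Windows, run as administrator, a live read is:
    #   with open(r"\\.\PhysicalDrive0", "rb") as f: parse_mbr(f.read(512))
```

Two caveats that the mbr.exe output above illustrates. The 0x55AA signature proves nothing on its own, since an infected sector keeps it (the tampered sample above still passes that check). And a bootkit that filters disk I/O can hand a clean copy of sector 0 to anything reading from inside the running system, which is why mbr.exe compares the user-mode and kernel reads and why a read taken after booting from clean media is the one to trust.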

Re: Please check my log

Posted: 04 Jan 2012 16:15
by vyosek
The MBR sector appears to be clean; now run GMER as well, it will probably take a bit longer

Re: Please check my log

Posted: 04 Jan 2012 16:18
by PavelP
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-04 16:17:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS542516K9SA00 rev.BBCOC31P
Running: gmer.exe; Driver: C:\Users\ZDEKA~1\AppData\Local\Temp\pwdiypog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E0C27A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: Please check my log

Posted: 04 Jan 2012 16:27
by vyosek
Fine, now the other one; that will probably take longer

Re: Please check my log

Posted: 04 Jan 2012 16:58
by PavelP
Image

Re: Please check my log

Posted: 04 Jan 2012 16:59
by vyosek
Try running it in Safe Mode

Re: Please check my log

Posted: 04 Jan 2012 17:45
by PavelP
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 17:40:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC31P
Running: gmer.exe; Driver: C:\Users\ZDEKA~1\AppData\Local\Temp\pwdiypog.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73CBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2eb36ea
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2eb36ea@002567d63f89 0x1F 0x61 0x66 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2eb36ea@001ca41a70e6 0x90 0x59 0xD6 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2eb36ea (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2eb36ea@002567d63f89 0x1F 0x61 0x66 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2eb36ea@001ca41a70e6 0x90 0x59 0xD6 0x47 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 11280
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 11281
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Zde\x2dbka\Desktop\ComboFix.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Novß slo\xd7ka\ComboFix.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Zde\x2dbka\Desktop\CComboFix.exe.exe 1

---- EOF - GMER 1.0.15 ----

Re: Please check my log

Posted: 04 Jan 2012 18:04
by vyosek
:arrow: Click Start and then Run, or use the Win+R keyboard shortcut
  • A small window pops up; paste the text below into it
  • Code:

    cmd
  • Click OK
  • A new window with a black background and a command prompt opens
:arrow: In the window that appeared, type chkdsk /f /r
  • Confirm the prompt, if any, to run the check after a restart
  • Restart the PC and let the check run - then write back whether it repaired anything