Page 3 of 7

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 22 Aug 2011 21:14
by motji
:arrow: Download Avenger
http://swandog46.geekstogo.com/avenger.exe

- run the program and confirm by clicking OK; by doing so you acknowledge that everything you do with it is at your own risk.
- After clicking through, the program's main window appears; copy this script into its white box:

Code:

Begin copying here:
Files to move:
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

:!: - tick the "Scan for rootkits" box

and click the Execute button.
- A window then appears where you confirm running the script by clicking Yes. Then confirm the computer restart by clicking Yes again.
- After the restart, Notepad should open with a log of the script's execution; it is also saved as C:\avenger.txt.
- Paste the log here

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 22 Aug 2011 22:11
by filipacko
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\windows\ServicePackFiles\i386\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 07:19
by motji
Run ComboFix again.

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 10:17
by filipacko
ComboFix 11-08-21.01 - Filip 23.08.2011 11:09:14.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1402 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Plocha\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-23 do 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-22 19:51 . 2011-08-22 19:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2011-08-22 19:51 . 2011-08-22 19:51 -------- d-----w- c:\program files\Total Uninstall 5
2011-08-21 20:14 . 2011-08-21 20:14 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Malwarebytes
2011-08-21 20:14 . 2011-08-21 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-21 20:14 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 20:14 . 2011-08-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 20:14 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 16:34 . 2011-08-21 20:05 -------- d-----w- c:\program files\Valve
2011-08-21 11:39 . 2011-08-21 11:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-21 11:05 . 2011-08-21 11:33 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Sammsoft
2011-08-20 18:14 . 2011-08-20 18:14 -------- d-----w- C:\rsit
2011-08-20 18:14 . 2011-08-20 18:14 -------- d-----w- c:\program files\trend micro
2011-08-20 18:11 . 2011-08-20 18:11 -------- d-----w- c:\windows\ufa
2011-08-20 18:10 . 2011-08-21 20:07 246272 ----a-w- c:\windows\unrar.exe
2011-08-20 18:07 . 2011-08-20 18:07 -------- d--h--w- c:\windows\update.7.1
2011-08-20 18:05 . 2011-08-20 18:05 -------- d-----w- c:\windows\av_ico
2011-08-20 17:43 . 2011-08-21 20:32 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-20 17:43 . 2011-08-20 17:43 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-20 11:46 . 2011-08-20 12:08 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-20 11:46 . 2011-08-20 12:08 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-20 11:46 . 2011-08-20 12:07 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-20 11:46 . 2011-08-20 11:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-08-12 08:20 . 2011-08-12 08:20 -------- d-----w- c:\documents and settings\Filip\Local Settings\Data aplikací\PCHealth
2011-08-11 17:18 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 17:17 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 12:08 . 2010-01-29 20:39 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-15 13:29 . 2004-08-04 06:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-18 04:55 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-29 10:14 . 2009-09-25 11:21 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 10:14 . 2009-09-25 11:21 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 14:10 . 2004-08-17 22:49 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-17 22:49 668160 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-04 05:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2004-08-17 22:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2004-08-17 22:44 370176 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 22:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-17 22:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-30 14:18 . 2010-09-25 14:26 2474 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-05-11 20:20 . 2011-05-11 20:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_20.00.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-22 21:10 . 2011-08-22 21:10 16384 c:\windows\temp\Perflib_Perfdata_55c.dat
+ 2011-08-22 21:10 . 2011-08-22 21:10 16384 c:\windows\temp\Perflib_Perfdata_3c4.dat
- 2009-09-24 19:45 . 2011-08-21 20:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-24 19:45 . 2011-08-22 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-24 19:45 . 2011-08-21 20:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-24 19:45 . 2011-08-22 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-22 11:51 . 2011-08-22 14:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-08-21 14:06 . 2011-08-21 20:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-21 14:06 . 2011-08-22 14:45 326656 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\AskToolbar\cache.dat
- 2011-08-21 14:06 . 2011-08-21 20:02 326656 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\AskToolbar\cache.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-06-25 10:30 1491928 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-06-25 1491928]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"Copperhead"="c:\program files\CopperheadAntiSpyware\CopperScheduler.exe" [2007-10-02 1596345]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"tray_ico"="" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\Filip\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-10-13 241664]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2011-2-22 1601536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Fiuypek\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\CAPCOM\\DARK VOID\\Launcher.exe"=
"c:\\Program Files\\CAPCOM\\DARK VOID\\nativePC\\Binaries\\ShippingPC-SkyGame.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\CAPCOM\\Dead Rising 2\\deadrising2.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Filip\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.8.2010 16:22 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.8.2010 16:22 5248]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4.1.2011 20:33 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4.1.2011 20:33 5248]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [24.9.2009 21:41 576024]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [7.12.2010 12:32 2228008]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [13.10.2009 16:43 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [13.10.2009 16:43 461056]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 AntiVirWebService;Avira AntiVir WebGuard;"c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]
S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.5.2010 12:02 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.11.2009 18:19 36608]
S3 GarenaPEngine;GarenaPEngine; [x]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.5.2010 12:02 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.11.2009 15:36 136704]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 10:02]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 10:02]
.
2011-08-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-06-25 10:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=CS_CZ&c=74&bd=smb&pf=desktop
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 213.215.94.33 8.8.8.8
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://gb.toolbarhome.com/search.aspx?srch=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 11:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-08-23 11:15:20
ComboFix-quarantined-files.txt 2011-08-23 09:15
ComboFix2.txt 2011-08-21 20:45
ComboFix3.txt 2011-08-21 20:03
ComboFix4.txt 2011-08-21 11:32
.
Před spuštěním: Volných bajtů: 148.225.974.272
Po spuštění: Volných bajtů: 148.213.682.176
.
- - End Of File - - 5A01B32AB510DB73194003B433FAA373
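A defender-side reading of the Sigcheck block in the ComboFix log above, added here as an example (it is not part of ComboFix and not either poster's own text): it parses those four lines and flags the live atapi.sys, which ComboFix could not hash and whose size and version differ from the three backup copies it could hash. The field layout and the comparison rule are my assumptions from the quoted lines; the sample input is copied from that block.

```python
"""Triage the Sigcheck block of a ComboFix log (added example; not ComboFix's own code).

The sample is copied from the log above. The field layout and the rule "compare each
copy of a driver with the copies the tool could hash" are my reading of it, not ComboFix's.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed input: header plus the four Sigcheck lines from the ComboFix log above.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
"""

# Assumed layout: [flag] date[ time] . md5-or-error . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?:\s\d{2}:\d{2})?)\s+\.\s+"
    r"(?P<digest>.+?)\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)
MD5_HEX = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str
    date: str
    digest: str  # MD5 hex, or the error text ComboFix printed instead
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def hashed(self) -> bool:
        return MD5_HEX.match(self.digest) is not None


def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Return one entry per file line; headers, notes and '.' spacers are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_LINE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["flag"], m["date"], m["digest"],
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def triage(entries: list[SigcheckEntry]) -> list[dict]:
    """Flag copies of a file that the tool could not hash, or whose size, version
    or digest disagrees with the other copies it could hash (backups, dllcache, ...)."""
    by_name: dict[str, list[SigcheckEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)

    findings = []
    for name in sorted(by_name):
        copies = by_name[name]
        ref = [c for c in copies if c.hashed]          # copies with a usable MD5
        ref_sizes = {c.size for c in ref}
        ref_versions = {c.version for c in ref}
        majority = Counter(c.digest.upper() for c in ref).most_common(1)
        for c in copies:
            reasons = []
            if not c.hashed:
                reasons.append(f"hash unavailable: {c.digest.strip('! ')}")
            elif majority and c.digest.upper() != majority[0][0]:
                reasons.append("digest differs from the other hashed copies")
            if ref and c.size not in ref_sizes:
                reasons.append(f"size {c.size} vs reference {sorted(ref_sizes)}")
            if ref and c.version not in ref_versions:
                reasons.append(f"version [{c.version}] vs reference {sorted(ref_versions)}")
            if reasons:
                findings.append({"name": name, "path": c.path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

On the quoted block this reports only c:\windows\system32\drivers\atapi.sys, with three reasons: no hash, 96512 bytes against 95360 in every backup copy, and no version string against 5.1.2600.2180.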

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 19:42
by motji
It's still clinging to you.

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan runs; when it finishes, a results window opens. Click Save to save the log, and paste it here

- Following the guide at the link, run the second scan and paste that log here as well.

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 19:56
by filipacko
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-23 20:53:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAJS-60B4A0 rev.02.03A02
Running: gmer.exe; Driver: C:\DOCUME~1\Filip\LOCALS~1\Temp\kftyakob.sys


---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF758A5DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF7596120]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort0 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort1 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort2 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort3 8A25DC28
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 8A25DC28
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target0Lun0 8A25D8A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port4Path0Target0Lun0 8A3D1A48
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target2Lun0 8A25D8A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A3D1A48
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target3Lun0 8A25D8A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target1Lun0 8A25D8A8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A25D8A8
Device \FileSystem\Ntfs \Ntfs 8A802890
Device \FileSystem\Fastfat \Fat 8965E478

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module _________ F744C000-F7464000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 19:58
by motji
And the second scan too.

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 20:00
by filipacko
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-23 20:53:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAJS-60B4A0 rev.02.03A02
Running: gmer.exe; Driver: C:\DOCUME~1\Filip\LOCALS~1\Temp\kftyakob.sys


---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF758A5DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF7596120]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort0 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort1 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort2 8A25DC28
Device \Driver\atapi \Device\Ide\IdePort3 8A25DC28
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 8A25DC28
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target0Lun0 8A25D8A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port4Path0Target0Lun0 8A3D1A48
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target2Lun0 8A25D8A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A3D1A48
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target3Lun0 8A25D8A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target1Lun0 8A25D8A8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A25D8A8
Device \FileSystem\Ntfs \Ntfs 8A802890
Device \FileSystem\Fastfat \Fat 8965E478

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module _________ F744C000-F7464000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 20:04
by motji
That's again just the quick scan; follow the guide and do the normal one as well.

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 21:28
by filipacko
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-23 22:26:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAJS-60B4A0 rev.02.03A02
Running: gmer.exe; Driver: C:\DOCUME~1\Filip\LOCALS~1\Temp\kftyakob.sys


---- System - GMER 1.0.15 ----

SSDT BA2119EC ZwClose
SSDT BA2119A6 ZwCreateKey
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF7589B00]
SSDT BA2119F6 ZwCreateSection
SSDT BA21199C ZwCreateThread
SSDT BA2119AB ZwDeleteKey
SSDT BA2119B5 ZwDeleteValueKey
SSDT BA2119E7 ZwDuplicateObject
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF758A5DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF7596120]
SSDT BA2119BA ZwLoadKey
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF7589B40]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF7595FA4]
SSDT BA211988 ZwOpenProcess
SSDT BA21198D ZwOpenThread
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF758A5FC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF7596076]
SSDT BA2119C4 ZwReplaceKey
SSDT BA2119BF ZwRestoreKey
SSDT BA2119FB ZwSetContextThread
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF7595550]
SSDT BA2119B0 ZwSetValueKey
SSDT BA211997 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 19A 804E49F4 2 Bytes [20, 61]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB941C380, 0x34C81F, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[336] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[336] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[336] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[336] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5852F0
Device \Driver\Cdrom \Device\CdRom0 8A319008
Device \FileSystem\Rdbss \Device\FsWrap 89FD9400
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A307968
Device \Driver\atapi \Device\Ide\IdePort0 8A307968
Device \Driver\atapi \Device\Ide\IdePort1 8A307968
Device \Driver\atapi \Device\Ide\IdePort2 8A307968
Device \Driver\atapi \Device\Ide\IdePort3 8A307968
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 8A307968
Device \Driver\Cdrom \Device\CdRom1 8A319008
Device \Driver\Cdrom \Device\CdRom2 8A319008
Device \Driver\Cdrom \Device\CdRom3 8A319008
Device \Driver\Cdrom \Device\CdRom4 8A319008
Device \Driver\Cdrom \Device\CdRom5 8A319008
Device \FileSystem\Srv \Device\LanmanServer 89BC0898
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0125F0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0125F0
Device \FileSystem\Npfs \Device\NamedPipe 89FDD928
Device \FileSystem\Msfs \Device\Mailslot 89FD37E0
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target0Lun0 8A1EC4B0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port4Path0Target0Lun0 8A26B4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target2Lun0 8A1EC4B0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A26B4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target3Lun0 8A1EC4B0
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target1Lun0 8A1EC4B0
Device \Driver\d347prt \Device\Scsi\d347prt1 8A1EC4B0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89FD5830
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89FD5830
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89FD5830
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89FD5830
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89FD5830
Device \FileSystem\Cdfs \Cdfs 8A3572B0

---- Modules - GMER 1.0.15 ----

Module _________ F744C000-F7464000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40 0x35 0xB4 0xE8 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej41 0x9E 0xB4 0xE8 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej42 0x9E 0xB4 0xE8 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej43 0x9E 0xB4 0xE8 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej44 0x9E 0xB4 0xE8 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9A 0xFF 0xA0 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x78 0x2B 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9A 0xFF 0xA0 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x78 0x2B 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2D 0x9D 0x00 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x78 0x2B 0xC2 ...

---- EOF - GMER 1.0.15 ----

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 22:01
by motji
Try testing this file directly at www.virustotal.com:
c:\windows\system32\drivers\atapi.sys

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 22:37
by filipacko
And what am I supposed to do with it?? I don't know anything about this...

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 23 Aug 2011 22:48
by filipacko
I've already done it and nothing happened...

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 24 Aug 2011 07:09
by motji
Submit it to VirusTotal, and once the antivirus results come up, paste the link to the results page here for me.

Re: Viiiiirus from FB because of a fake Adobe Photoshop pls

Posted: 24 Aug 2011 08:38
by filipacko
How long should it take to come up??? Because when I put it there, it just loads something and then nothing happens... afterwards it's the same as at the start...