VIRY.CZ

Dobrý den, prosím o zkontrolování logu. Něco neni určitě v pořádku děkuji.

Log je v odkazu ke stažení do příspěvku se nevešel.

http://dataport.cz/file/170640/log.txt

Kdyžtak sem comp proskenoval ComboFixem

ComboFix 10-07-13.05 - mateffy 14.07.2000 7:35.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.815 [GMT 2:00]
Spuštěný z: d:\documents and settings\mateffy\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\docume~1\mateffy\LOCALS~1\Temp\services.exe
d:\windows\msa.exe
d:\windows\system\WINSPOOL.DRV
d:\windows\system32\0042.DLL
d:\windows\system32\0044.DLL
d:\windows\system32\3672377627.dat
d:\windows\system32\awttrSKb.dll
d:\windows\system32\crt.dat
d:\windows\system32\mssfc.dll
d:\windows\system32\prnqctl.vbs
d:\windows\system32\rqRJYoPH.dll
d:\windows\system32\shimg.dll
d:\windows\system32\structuredqueryschematrivial.bin
d:\windows\system32\wexe.exe
d:\windows\system32\WORK.DAT
d:\windows\system32\wupd.dat
d:\windows\system32\wvUlmmlj.dll

d:\windows\system32\sfcfiles.dll . . . je infikován!!

d:\windows\system32\msgsvc.dll . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HELPSVCIMAPISERVICE
-------\Legacy_SFC
-------\Legacy_SSHNAS
-------\Service_helpsvcImapiService
-------\Service_sfc

((((((((((((((((((((((((( Soubory vytvořené od 2000-06-14 do 2000-07-14 )))))))))))))))))))))))))))))))
.

2010-03-12 18:42 . 2000-03-19 22:19 -------- d-----w- d:\program files\MyFantasyMaker
2010-03-12 18:42 . 2010-03-12 18:42 -------- d-----w- d:\windows\Downloaded Installations
2010-03-10 19:29 . 2010-03-10 19:29 94208 ----a-w- d:\windows\system32\dpl100.dll
2010-03-10 10:29 . 2010-03-10 10:29 45 -c-h--w- d:\windows\dsez4455.dat
2010-03-10 10:29 . 2010-03-10 11:19 -------- d-----w- d:\program files\PhotoFiltre Studio
2010-03-07 11:25 . 2010-03-07 11:55 -------- d-----w- d:\program files\VSTplugins
2010-03-07 11:09 . 2002-01-05 15:37 344064 ----a-w- d:\windows\system32\msvcr70.dll
2010-03-07 11:06 . 2010-03-07 11:06 -------- d-----w- d:\program files\Common Files\Skype
2010-03-06 21:02 . 2010-03-06 21:02 -------- d-----w- d:\program files\Realtek
2010-03-06 21:02 . 2009-11-02 12:48 831488 -c--a-w- d:\windows\RtlExUpd.dll
2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- d:\program files\Realtek AC97
2010-02-27 21:00 . 2010-02-27 21:00 -------- d-----w- d:\windows\system32\wbem\Repository
2010-02-27 20:59 . 2010-02-27 20:59 -------- d-----w- d:\program files\Xvid CZ
2010-02-27 20:59 . 2010-02-27 20:59 -------- d-----w- d:\windows\system32\custom matrices
2010-02-27 20:58 . 2010-02-27 20:59 -------- d-----w- d:\windows\system32\C2MP
2010-02-27 20:58 . 2010-02-27 20:58 -------- d-----w- d:\program files\XP Codec Pack
2010-02-27 20:46 . 2010-02-27 20:58 -------- d-----w- d:\program files\XP Codec Pack(2)
2010-02-27 18:39 . 2010-02-27 18:39 -------- d-----w- d:\program files\Trend Micro
2010-02-25 22:26 . 2010-02-27 20:59 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-02-25 22:23 . 2010-02-25 22:23 -------- d-----w- d:\program files\Alwil Software
2010-02-25 19:49 . 2010-03-11 12:54 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-22 20:27 . 2010-02-22 20:27 -------- d-----w- d:\program files\Nero
2010-02-22 20:27 . 2010-02-22 20:30 -------- d-----w- d:\program files\Common Files\Ahead
2010-02-22 19:19 . 2010-02-27 20:58 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2010-02-22 19:19 . 2010-02-22 19:19 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-02-20 09:46 . 2010-02-20 09:46 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-20 09:35 . 2010-02-22 19:53 -------- d-----r- d:\program files\Skype
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- d:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- d:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- d:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- d:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- d:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- d:\windows\system32\divx_xx11.dll
2010-02-19 14:15 . 2003-05-23 12:28 1060864 ----a-w- d:\windows\system32\mfc71.dll
2010-02-19 14:15 . 2010-02-19 14:15 -------- d-----w- d:\program files\Rockstar Games
2010-02-17 20:18 . 2010-02-17 20:58 -------- d-----w- d:\program files\TO2SAM
2010-02-17 20:17 . 2010-02-17 20:58 -------- d-----w- d:\program files\Common Files\Motive
2010-02-13 17:35 . 2000-06-09 20:05 -------- d-----w- d:\program files\MaxKO
2010-02-11 21:12 . 2010-03-06 20:56 -------- d-----w- d:\program files\Essentials Codec Pack
2010-02-11 20:59 . 2010-02-11 21:00 -------- d-----w- d:\program files\The KMPlayer
2010-02-11 20:57 . 2003-06-23 00:44 1415680 ----a-w- d:\windows\system32\wmv9vcm.dll
2010-02-11 20:57 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2010-02-11 20:53 . 2010-02-11 20:53 -------- d-----w- d:\program files\Crystal Player
2010-02-11 20:46 . 2010-02-11 20:46 -------- d-----w- d:\windows\system32\QuickTime
2010-02-11 16:10 . 2010-02-04 09:01 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-02-11 16:10 . 2010-02-04 09:01 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-02-10 10:11 . 2009-11-27 17:25 17920 -c----w- d:\windows\system32\dllcache\msyuv.dll
2010-02-10 10:11 . 2009-11-27 16:29 8704 -c----w- d:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 10:11 . 2009-11-27 16:29 48128 -c----w- d:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 10:11 . 2009-12-04 17:25 456832 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 10:11 . 2009-12-09 10:03 2147328 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 10:11 . 2009-12-09 10:03 2025984 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2010-02-07 13:27 . 2007-04-09 13:23 28552 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-07 13:27 . 2007-04-09 13:23 28040 ----a-w- d:\windows\system32\mdimon.dll
2010-02-07 13:22 . 2010-02-07 13:23 -------- d-----w- d:\windows\SHELLNEW
2010-02-07 13:22 . 2010-02-07 13:22 -------- d-----w- d:\program files\Microsoft.NET
2010-02-07 09:41 . 2010-02-07 10:06 -------- d-----w- d:\program files\Scorpions WinCheater
2010-02-04 17:03 . 2010-02-04 17:03 -------- d-----w- d:\program files\Guitar Pro 5
2010-02-04 15:11 . 2009-11-20 16:10 -------- d-----w- d:\program files\QIP Infium RičrdssonPack
2010-02-04 09:46 . 2010-02-04 15:08 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-02-04 09:42 . 2010-02-04 13:19 -------- d-----w- d:\windows\system32\Adobe
2010-02-03 20:50 . 2010-02-03 20:50 -------- d-----w- d:\windows\Sun
2010-02-03 20:38 . 2010-02-03 20:38 -------- d-----w- d:\program files\Common Files\Java
2010-02-03 20:37 . 2010-02-03 20:36 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-02-03 20:36 . 2010-02-03 20:50 -------- d-----w- d:\program files\Java
2010-02-03 16:40 . 2010-02-03 16:40 -------- d-----w- d:\program files\Webteh
2010-02-03 16:23 . 2000-06-10 11:30 -------- d-----w- d:\program files\ICQ7.0
2010-02-03 16:18 . 2010-02-11 16:09 -------- d--h--w- d:\windows\msdownld.tmp
2010-02-03 16:18 . 2010-02-11 16:10 -------- d-----w- d:\windows\Logs
2010-02-03 15:50 . 2010-02-03 15:50 -------- d-----w- d:\windows\system32\NVSYS
2010-02-03 13:12 . 2010-02-03 13:12 -------- d-----w- d:\windows\ie8updates
2010-02-03 13:12 . 2010-03-12 02:03 -------- d--h--w- d:\windows\$hf_mig$
2010-02-02 23:00 . 2008-04-13 23:15 6272 ----a-w- d:\windows\system32\drivers\splitter.sys
2010-02-02 23:00 . 2008-04-13 21:09 142592 ----a-w- d:\windows\system32\drivers\aec.sys
2010-02-02 23:00 . 2008-04-13 23:15 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2010-02-02 23:00 . 2008-04-13 23:15 56576 ----a-w- d:\windows\system32\drivers\swmidi.sys
2010-02-02 23:00 . 2008-04-13 23:09 4992 ----a-w- d:\windows\system32\drivers\MSPQM.sys
2010-02-02 23:00 . 2008-04-13 23:47 83072 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2010-02-02 23:00 . 2008-04-13 23:15 172416 ----a-w- d:\windows\system32\drivers\kmixer.sys
2010-02-02 23:00 . 2008-04-13 23:15 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2010-02-02 23:00 . 2008-04-13 23:45 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2010-02-02 23:00 . 2008-04-13 23:09 5376 ----a-w- d:\windows\system32\drivers\MSPCLOCK.sys
2010-02-02 23:00 . 2008-04-13 23:09 7552 ----a-w- d:\windows\system32\drivers\MSKSSRV.sys
2010-02-02 23:00 . 2001-08-17 20:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 20:57 . 2000-07-13 21:00 38848 ----a-w- d:\windows\avastSS.scr
2010-06-28 20:57 . 2000-07-13 21:00 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2000-07-13 21:00 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2000-07-13 21:00 165456 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2000-07-13 21:00 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2000-07-13 21:00 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2000-07-13 21:00 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2000-07-13 21:00 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2000-07-13 21:00 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-03-31 01:58 . 2010-02-03 16:29 9200 ------w- d:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2010-02-03 16:29 9072 ------w- d:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2010-02-03 16:29 44944 ----a-w- d:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2010-02-03 16:29 133616 ------w- d:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2010-02-03 16:29 125424 ------w- d:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2010-02-03 16:29 123888 ------w- d:\windows\system32\pxcpyi64.exe
2010-02-12 10:03 . 2000-03-13 09:49 293376 -c----w- d:\windows\system32\browserchoice.exe
2010-02-04 09:09 . 2010-02-20 23:58 183448 ----a-w- d:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-02-04 09:08 . 2010-02-02 22:12 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-04 09:08 . 2010-02-02 22:12 2426 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-04 09:07 . 2010-02-02 22:13 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-03 15:50 . 2010-02-02 22:33 -------- d-----w- d:\program files\Common Files\InstallShield
2010-02-02 22:19 . 2010-02-02 22:19 -------- d-----w- d:\program files\microsoft frontpage
2010-02-02 22:17 . 2010-02-02 22:17 -------- d-----w- d:\program files\MSBuild
2010-02-02 22:17 . 2010-02-02 22:17 -------- d-----w- d:\program files\Reference Assemblies
2010-02-02 22:11 . 2010-02-02 22:11 -------- d-----w- d:\program files\Windows Media Connect 2
2010-02-02 22:06 . 2010-02-02 22:06 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- d:\program files\Windows Desktop Search
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- d:\program files\MSXML 4.0
2010-02-02 22:04 . 2010-02-02 22:04 -------- d-----w- d:\program files\Microsoft Silverlight
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- d:\windows\system32\msvcp71.dll
2010-01-14 17:13 . 2001-10-24 11:25 77891 ----a-w- d:\windows\system32\usrmlnka.exe
2010-01-14 17:07 . 2010-02-02 22:06 1676288 ----a-w- d:\windows\system32\xpssvcs.dll
2010-01-14 17:06 . 2010-02-02 22:06 581192 ----a-w- d:\windows\system32\winUsbCoinstaller.dll
2010-01-14 17:05 . 2010-02-02 22:05 44032 ----a-w- d:\windows\system32\msstrc.dll
2010-01-14 17:05 . 2010-02-02 22:05 1418240 ----a-w- d:\windows\system32\mssrch.dll
2010-01-14 17:05 . 2010-02-02 22:05 32768 -c--a-w- d:\windows\system32\mssprxy.dll
2010-01-14 17:05 . 2010-02-02 22:05 350208 ----a-w- d:\windows\system32\mssph.dll
2010-01-14 17:05 . 2010-02-02 22:05 203776 -c--a-w- d:\windows\system32\mssphtb.dll
2010-01-14 17:05 . 2010-02-02 22:05 231936 ----a-w- d:\windows\system32\msshsq.dll
2010-01-14 17:05 . 2010-02-02 22:05 11776 ----a-w- d:\windows\system32\msshooks.dll
2010-01-14 17:05 . 2010-02-02 22:05 34816 ----a-w- d:\windows\system32\msscb.dll
2010-01-14 17:05 . 2010-02-02 22:05 87552 ----a-w- d:\windows\system32\mssitlb.dll
2010-01-14 17:05 . 2010-02-02 22:05 60416 ----a-w- d:\windows\system32\msscntrs.dll
2010-01-14 17:05 . 2010-02-02 22:06 323696 ----a-w- d:\windows\system32\msdrm.dll
2010-01-14 17:05 . 2010-01-14 17:05 312128 ----a-w- d:\windows\system32\msdelta.dll
2010-01-14 17:05 . 2010-01-14 17:05 265720 ----a-w- d:\windows\system32\msdbg2.dll
2010-01-14 17:03 . 2010-02-02 22:05 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2010-01-14 17:02 . 2010-01-14 17:02 96792 ----a-w- d:\windows\system32\basecsp.dll
2010-01-14 17:01 . 2010-01-14 17:01 290304 ----a-w- d:\windows\system32\ulib.dll
2010-01-14 17:00 . 2010-01-14 17:00 48128 ----a-w- d:\windows\system32\mshtmler.dll
2010-01-14 16:59 . 2010-01-14 16:59 56320 ----a-w- d:\windows\system32\dot3msm.dll
2010-01-14 11:48 . 2010-01-14 11:48 4463 ----a-w- d:\windows\system32\oembios.dat
2010-01-14 11:48 . 2010-01-14 11:48 13107200 ----a-w- d:\windows\system32\oembios.bin
2010-01-01 07:58 . 2010-01-14 17:01 353792 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-21 19:02 . 2010-01-14 17:02 916480 ----a-w- d:\windows\system32\wininet.dll
2009-12-17 07:42 . 2010-02-02 22:02 343552 ----a-w- d:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 13:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2009-12-09 14:33 . 2009-08-04 21:53 2068352 ----a-w- d:\windows\system32\ntkrnlpa.exe
2009-12-09 14:33 . 2010-01-14 17:01 2191488 ----a-w- d:\windows\system32\ntoskrnl.exe
2009-12-04 17:25 . 2010-01-14 17:00 456832 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:25 . 2010-01-14 17:01 1294336 ----a-w- d:\windows\system32\quartz.dll
2009-11-27 17:25 . 2008-04-14 07:51 17920 ----a-w- d:\windows\system32\msyuv.dll
2009-11-27 16:29 . 2010-01-14 16:59 84992 ----a-w- d:\windows\system32\avifil32.dll
2009-11-27 16:29 . 2008-04-14 13:00 28672 ----a-w- d:\windows\system32\msvidc32.dll
2009-11-27 16:29 . 2008-04-14 13:00 11264 ----a-w- d:\windows\system32\msrle32.dll
2009-11-27 16:29 . 2008-04-14 07:51 48128 ----a-w- d:\windows\system32\iyuv_32.dll
2009-11-27 16:29 . 2001-10-24 11:25 8704 ----a-w- d:\windows\system32\tsbyuv.dll
2009-10-09 11:52 . 2009-10-09 11:45 1571840 ----a-w- d:\windows\system32\sfcfiles.dll
2009-10-09 11:51 . 2009-10-09 11:52 997376 ----a-w- d:\windows\system32\syssetup.dll
2009-09-04 15:43 . 2010-02-02 22:02 195712 ----a-w- d:\windows\system32\drivers\rdpdr.sys
2009-08-06 18:23 . 2010-02-02 22:04 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- d:\windows\system32\FM20.DLL
2009-06-24 11:28 . 2009-06-24 11:28 92928 ----a-w- d:\windows\system32\drivers\ksecdd.sys
2009-06-15 12:14 . 2009-06-15 12:14 78336 ----a-w- d:\windows\system32\telnet.exe
2009-03-23 11:55 . 2009-03-23 11:55 576512 ----a-w- d:\windows\system32\drivers\ntfs.sys
2009-02-09 11:59 . 2009-02-09 11:59 710144 ----a-w- d:\windows\system32\ntdll.dll
2008-07-31 18:45 . 2008-07-31 18:45 20616 ----a-w- d:\windows\system32\drivers\BtHidBus.sys
2008-07-29 20:10 . 2008-07-29 20:10 73720 ----a-w- d:\windows\system32\dxva2.dll
2008-07-29 20:10 . 2008-07-29 20:10 493048 ----a-w- d:\windows\system32\evr.dll
2008-07-29 20:10 . 2008-07-29 20:10 26112 ----a-w- d:\windows\system32\TsWpfWrp.exe
2008-07-29 19:35 . 2008-07-29 19:35 326160 ----a-w- d:\windows\system32\PresentationHost.exe
2008-07-29 18:59 . 2008-07-29 18:59 781344 ----a-w- d:\windows\system32\PresentationNative_v0300.dll
2008-07-29 18:59 . 2008-07-29 18:59 43544 ----a-w- d:\windows\system32\PresentationHostProxy.dll
2008-07-29 18:59 . 2008-07-29 18:59 105016 ----a-w- d:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 18:24 . 2008-07-29 18:24 97800 ----a-w- d:\windows\system32\infocardapi.dll
2008-07-29 18:24 . 2008-07-29 18:24 622080 ----a-w- d:\windows\system32\icardagt.exe
2008-07-29 18:24 . 2008-07-29 18:24 11264 ----a-w- d:\windows\system32\icardres.dll
2008-07-25 10:16 . 2008-07-25 10:16 83968 ----a-w- d:\windows\system32\mscories.dll
2008-07-25 10:16 . 2008-07-25 10:16 282112 ----a-w- d:\windows\system32\mscoree.dll
2008-07-25 10:16 . 2008-07-25 10:16 158720 ----a-w- d:\windows\system32\mscorier.dll
2008-07-25 10:16 . 2008-07-25 10:16 96760 ----a-w- d:\windows\system32\dfshim.dll
2008-07-02 12:58 . 2008-07-02 12:58 26248 ----a-w- d:\windows\system32\drivers\IvtBtBus.sys
2008-04-14 13:00 . 2010-02-02 22:56 89456 ---h--w- d:\windows\Fonts\sserifft.fon
2008-04-14 07:52 . 2010-02-02 22:58 75264 ----a-w- d:\windows\system32\usbui.dll
2008-04-14 07:52 . 2010-02-02 22:56 75264 ----a-w- d:\windows\system32\storprop.dll
2008-04-14 07:51 . 2008-04-14 13:00 29184 ----a-w- d:\windows\system32\sdhcinst.dll
2008-04-14 07:51 . 2008-04-14 13:00 30208 ----a-w- d:\windows\system32\bthserv.dll
2008-04-14 07:51 . 2008-04-14 13:00 20992 ----a-w- d:\windows\system32\bthci.dll
2008-04-14 06:53 . 2010-02-02 22:02 40840 ----a-w- d:\windows\system32\drivers\termdd.sys
.

------- Sigcheck -------

[-] 2009-10-09 11:52 . 1BE9E4648ACBFD364A6ED28B5ECEA95D . 1571840 . . [------] . . d:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"CTSyncU.exe"="d:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"ICQ"="d:\program files\ICQ7.0\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"CTCheck"="d:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Documents and Settings\\mateffy\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\QIP Infium RičrdssonPack\\infium.exe"=
"d:\\Program Files\\Metin2\\metin2.bin"=
"d:\\Program Files\\Metin2\\metin2client.bin"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4156:TCP"= 4156:TCP:Services
"6812:TCP"= 6812:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 BtHidBus;Bluetooth HID Bus Service;d:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [13.7.2000 23:00 165456]
S1 DumpDrv;Crash Dump Driver;d:\windows\system32\drivers\dumpdrv.sys [14.1.2010 19:04 9472]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [13.7.2000 23:00 17744]
S3 IvtBtBUs;IVT Bluetooth Bus Service;d:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 SexyReplay;S-Shield Driver;\??\d:\documents and settings\mateffy\Dokumenty\Stažené soubory\SexyKO\Inc\b.b --> d:\documents and settings\mateffy\Dokumenty\Stažené soubory\SexyKO\Inc\b.b [?]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [14.1.2010 19:01 14848]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [22.2.2010 21:19 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyServer = socks=
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\mateffy\Data aplikací\Mozilla\Firefox\Profiles\693blfge.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SunJavaUpdateSched - d:\program files\Java\jre6\bin\jusched.exe
Notify-RailNotification - (no file)
AddRemove-Creative Audio CD Ripper - d:\program files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe
AddRemove-Creative Sync Manager (Unicode) - d:\program files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe
AddRemove-Creative Video Converter - d:\program files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe
AddRemove-ZEN (MTP) Media Explorer - d:\program files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe
AddRemove-ZENcast Organizer - d:\program files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{88EB38EF-4D2C-436D-ABD3-56B232674062} - d:\program files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2000-07-14 07:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8649978A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7873f28
\Driver\ACPI -> ACPI.sys @ 0xf77e6cb8
\Driver\atapi -> ntoskrnl.exe @ 0x805c7a1e
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 S Desktop Adapter -> SendCompleteHandler -> 0x864ffb60
PacketIndicateHandler -> NDIS.sys @ 0xf767eb21
SendHandler -> NDIS.sys @ 0xf765c87b
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SexyReplay]
"ImagePath"="\??\d:\documents and settings\mateffy\Dokumenty\Stažené soubory\SexyKO\Inc\b.b"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,59,f5,11,cc,bf,93,48,bc,e8,ae,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,59,f5,11,cc,bf,93,48,bc,e8,ae,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(368)
d:\windows\system32\msi.dll
.
Celkový čas: 2000-07-14 07:58:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2000-07-14 05:58

Před spuštěním: Volných bajtů: 19 097 137 152
Po spuštění: Volných bajtů: 21 564 055 552

- - End Of File - - 2CCDBE0493C025D33BB8F4C23222A690

no dnes uz toho vela nestihnem, snad sa Ta poobede niekto ujme - nateraz urob:
Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Driver::
SexyReplay

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:

Obrázek

po aplikacii by mal vzniknut dalsi log, ten vloz sem

+ prescanuj PC s MBAM - log vloz

Dobře, děkuji za pomoc

Udělal jsem vše podle pokynů.
Tady je další log z ComboFix a scan z programu MBAM

ComboFix 10-07-13.08 - Administrator 14.07.2000 13:16:10.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.821 [GMT 2:00]
Spuštěný z: d:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\mssfc.dll

Nakažená kopie d:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEXYREPLAY
-------\Legacy_SFC
-------\Service_SexyReplay
-------\Service_sfc

((((((((((((((((((((((((( Soubory vytvořené od 2000-06-14 do 2000-07-14 )))))))))))))))))))))))))))))))
.

2010-03-12 18:42 . 2000-03-19 22:19 -------- d-----w- d:\program files\MyFantasyMaker
2010-03-12 18:42 . 2010-03-12 18:42 -------- d-----w- d:\windows\Downloaded Installations
2010-03-10 19:29 . 2010-03-10 19:29 94208 ----a-w- d:\windows\system32\dpl100.dll
2010-03-10 10:29 . 2010-03-10 10:29 45 -c-h--w- d:\windows\dsez4455.dat
2010-03-10 10:29 . 2010-03-10 11:19 -------- d-----w- d:\program files\PhotoFiltre Studio
2010-03-07 11:25 . 2010-03-07 11:55 -------- d-----w- d:\program files\VSTplugins
2010-03-07 11:09 . 2002-01-05 15:37 344064 ----a-w- d:\windows\system32\msvcr70.dll
2010-03-07 11:06 . 2010-03-07 11:06 -------- d-----w- d:\program files\Common Files\Skype
2010-03-06 21:02 . 2010-03-06 21:02 -------- d-----w- d:\program files\Realtek
2010-03-06 21:02 . 2009-11-02 12:48 831488 -c--a-w- d:\windows\RtlExUpd.dll
2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- d:\program files\Realtek AC97
2010-02-27 21:00 . 2010-02-27 21:00 -------- d-----w- d:\windows\system32\wbem\Repository
2010-02-27 20:59 . 2010-02-27 20:59 -------- d-----w- d:\program files\Xvid CZ
2010-02-27 20:59 . 2010-02-27 20:59 -------- d-----w- d:\windows\system32\custom matrices
2010-02-27 20:58 . 2010-02-27 20:59 -------- d-----w- d:\windows\system32\C2MP
2010-02-27 20:58 . 2010-02-27 20:58 -------- d-----w- d:\program files\XP Codec Pack
2010-02-27 20:46 . 2010-02-27 20:58 -------- d-----w- d:\program files\XP Codec Pack(2)
2010-02-27 18:39 . 2000-07-14 06:38 -------- d-----w- d:\program files\Trend Micro
2010-02-25 22:26 . 2010-02-27 20:59 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-02-25 22:23 . 2010-02-25 22:23 -------- d-----w- d:\program files\Alwil Software
2010-02-25 19:49 . 2010-03-11 12:54 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-22 20:27 . 2010-02-22 20:27 -------- d-----w- d:\program files\Nero
2010-02-22 20:27 . 2010-02-22 20:30 -------- d-----w- d:\program files\Common Files\Ahead
2010-02-22 19:19 . 2010-02-27 20:58 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2010-02-22 19:19 . 2010-02-22 19:19 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-02-20 09:46 . 2010-02-20 09:46 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-20 09:35 . 2010-02-22 19:53 -------- d-----r- d:\program files\Skype
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- d:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- d:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- d:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- d:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- d:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- d:\windows\system32\divx_xx11.dll
2010-02-19 14:15 . 2003-05-23 12:28 1060864 ----a-w- d:\windows\system32\mfc71.dll
2010-02-19 14:15 . 2010-02-19 14:15 -------- d-----w- d:\program files\Rockstar Games
2010-02-17 20:18 . 2010-02-17 20:58 -------- d-----w- d:\program files\TO2SAM
2010-02-17 20:17 . 2010-02-17 20:58 -------- d-----w- d:\program files\Common Files\Motive
2010-02-13 17:35 . 2000-06-09 20:05 -------- d-----w- d:\program files\MaxKO
2010-02-11 21:12 . 2010-03-06 20:56 -------- d-----w- d:\program files\Essentials Codec Pack
2010-02-11 20:59 . 2010-02-11 21:00 -------- d-----w- d:\program files\The KMPlayer
2010-02-11 20:57 . 2003-06-23 00:44 1415680 ----a-w- d:\windows\system32\wmv9vcm.dll
2010-02-11 20:57 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2010-02-11 20:53 . 2010-02-11 20:53 -------- d-----w- d:\program files\Crystal Player
2010-02-11 20:46 . 2010-02-11 20:46 -------- d-----w- d:\windows\system32\QuickTime
2010-02-11 16:10 . 2010-02-04 09:01 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-02-11 16:10 . 2010-02-04 09:01 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-02-10 10:11 . 2009-11-27 17:25 17920 -c----w- d:\windows\system32\dllcache\msyuv.dll
2010-02-10 10:11 . 2009-11-27 16:29 8704 -c----w- d:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 10:11 . 2009-11-27 16:29 48128 -c----w- d:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 10:11 . 2009-12-04 17:25 456832 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 10:11 . 2009-12-09 10:03 2147328 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 10:11 . 2009-12-09 10:03 2025984 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2010-02-07 13:27 . 2007-04-09 13:23 28552 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-07 13:27 . 2007-04-09 13:23 28040 ----a-w- d:\windows\system32\mdimon.dll
2010-02-07 13:22 . 2010-02-07 13:23 -------- d-----w- d:\windows\SHELLNEW
2010-02-07 13:22 . 2010-02-07 13:22 -------- d-----w- d:\program files\Microsoft.NET
2010-02-07 09:41 . 2010-02-07 10:06 -------- d-----w- d:\program files\Scorpions WinCheater
2010-02-04 17:03 . 2010-02-04 17:03 -------- d-----w- d:\program files\Guitar Pro 5
2010-02-04 15:11 . 2009-11-20 16:10 -------- d-----w- d:\program files\QIP Infium RičrdssonPack
2010-02-04 09:46 . 2010-02-04 15:08 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-02-04 09:42 . 2010-02-04 13:19 -------- d-----w- d:\windows\system32\Adobe
2010-02-03 20:50 . 2010-02-03 20:50 -------- d-----w- d:\windows\Sun
2010-02-03 20:38 . 2010-02-03 20:38 -------- d-----w- d:\program files\Common Files\Java
2010-02-03 20:37 . 2010-02-03 20:36 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-02-03 20:36 . 2010-02-03 20:50 -------- d-----w- d:\program files\Java
2010-02-03 16:40 . 2010-02-03 16:40 -------- d-----w- d:\program files\Webteh
2010-02-03 16:23 . 2000-06-10 11:30 -------- d-----w- d:\program files\ICQ7.0
2010-02-03 16:18 . 2010-02-11 16:09 -------- d--h--w- d:\windows\msdownld.tmp
2010-02-03 16:18 . 2010-02-11 16:10 -------- d-----w- d:\windows\Logs
2010-02-03 15:50 . 2010-02-03 15:50 -------- d-----w- d:\windows\system32\NVSYS
2010-02-03 13:12 . 2010-02-03 13:12 -------- d-----w- d:\windows\ie8updates
2010-02-03 13:12 . 2010-03-12 02:03 -------- d--h--w- d:\windows\$hf_mig$
2010-02-02 23:00 . 2008-04-13 23:15 6272 ----a-w- d:\windows\system32\drivers\splitter.sys
2010-02-02 23:00 . 2008-04-13 21:09 142592 ----a-w- d:\windows\system32\drivers\aec.sys
2010-02-02 23:00 . 2008-04-13 23:15 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2010-02-02 23:00 . 2008-04-13 23:15 56576 ----a-w- d:\windows\system32\drivers\swmidi.sys
2010-02-02 23:00 . 2008-04-13 23:09 4992 ----a-w- d:\windows\system32\drivers\MSPQM.sys
2010-02-02 23:00 . 2008-04-13 23:47 83072 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2010-02-02 23:00 . 2008-04-13 23:15 172416 ----a-w- d:\windows\system32\drivers\kmixer.sys
2010-02-02 23:00 . 2008-04-13 23:15 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2010-02-02 23:00 . 2008-04-13 23:45 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2010-02-02 23:00 . 2008-04-13 23:09 5376 ----a-w- d:\windows\system32\drivers\MSPCLOCK.sys
2010-02-02 23:00 . 2008-04-13 23:09 7552 ----a-w- d:\windows\system32\drivers\MSKSSRV.sys
2010-02-02 23:00 . 2001-08-17 20:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 20:57 . 2000-07-13 21:00 38848 ----a-w- d:\windows\avastSS.scr
2010-06-28 20:57 . 2000-07-13 21:00 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2000-07-13 21:00 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2000-07-13 21:00 165456 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2000-07-13 21:00 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2000-07-13 21:00 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2000-07-13 21:00 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2000-07-13 21:00 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2000-07-13 21:00 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-03-31 01:58 . 2010-02-03 16:29 9200 ------w- d:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2010-02-03 16:29 9072 ------w- d:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2010-02-03 16:29 44944 ----a-w- d:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2010-02-03 16:29 133616 ------w- d:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2010-02-03 16:29 125424 ------w- d:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2010-02-03 16:29 123888 ------w- d:\windows\system32\pxcpyi64.exe
2010-02-12 10:03 . 2000-03-13 09:49 293376 -c----w- d:\windows\system32\browserchoice.exe
2010-02-04 09:09 . 2010-02-20 23:58 183448 ----a-w- d:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-02-04 09:08 . 2010-02-02 22:12 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-04 09:08 . 2010-02-02 22:12 2426 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-04 09:07 . 2010-02-02 22:13 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-03 15:50 . 2010-02-02 22:33 -------- d-----w- d:\program files\Common Files\InstallShield
2010-02-02 22:19 . 2010-02-02 22:19 -------- d-----w- d:\program files\microsoft frontpage
2010-02-02 22:17 . 2010-02-02 22:17 -------- d-----w- d:\program files\MSBuild
2010-02-02 22:17 . 2010-02-02 22:17 -------- d-----w- d:\program files\Reference Assemblies
2010-02-02 22:11 . 2010-02-02 22:11 -------- d-----w- d:\program files\Windows Media Connect 2
2010-02-02 22:06 . 2010-02-02 22:06 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- d:\program files\Windows Desktop Search
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- d:\program files\MSXML 4.0
2010-02-02 22:04 . 2010-02-02 22:04 -------- d-----w- d:\program files\Microsoft Silverlight
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- d:\windows\system32\msvcp71.dll
2010-01-14 17:13 . 2001-10-24 11:25 77891 ----a-w- d:\windows\system32\usrmlnka.exe
2010-01-14 17:07 . 2010-02-02 22:06 1676288 ----a-w- d:\windows\system32\xpssvcs.dll
2010-01-14 17:06 . 2010-02-02 22:06 581192 ----a-w- d:\windows\system32\winUsbCoinstaller.dll
2010-01-14 17:05 . 2010-02-02 22:05 44032 ----a-w- d:\windows\system32\msstrc.dll
2010-01-14 17:05 . 2010-02-02 22:05 1418240 ----a-w- d:\windows\system32\mssrch.dll
2010-01-14 17:05 . 2010-02-02 22:05 32768 -c--a-w- d:\windows\system32\mssprxy.dll
2010-01-14 17:05 . 2010-02-02 22:05 350208 ----a-w- d:\windows\system32\mssph.dll
2010-01-14 17:05 . 2010-02-02 22:05 203776 -c--a-w- d:\windows\system32\mssphtb.dll
2010-01-14 17:05 . 2010-02-02 22:05 231936 ----a-w- d:\windows\system32\msshsq.dll
2010-01-14 17:05 . 2010-02-02 22:05 11776 ----a-w- d:\windows\system32\msshooks.dll
2010-01-14 17:05 . 2010-02-02 22:05 34816 ----a-w- d:\windows\system32\msscb.dll
2010-01-14 17:05 . 2010-02-02 22:05 87552 ----a-w- d:\windows\system32\mssitlb.dll
2010-01-14 17:05 . 2010-02-02 22:05 60416 ----a-w- d:\windows\system32\msscntrs.dll
2010-01-14 17:05 . 2010-02-02 22:06 323696 ----a-w- d:\windows\system32\msdrm.dll
2010-01-14 17:05 . 2010-01-14 17:05 312128 ----a-w- d:\windows\system32\msdelta.dll
2010-01-14 17:05 . 2010-01-14 17:05 265720 ----a-w- d:\windows\system32\msdbg2.dll
2010-01-14 17:03 . 2010-02-02 22:05 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2010-01-14 17:02 . 2010-01-14 17:02 96792 ----a-w- d:\windows\system32\basecsp.dll
2010-01-14 17:01 . 2010-01-14 17:01 290304 ----a-w- d:\windows\system32\ulib.dll
2010-01-14 17:00 . 2010-01-14 17:00 48128 ----a-w- d:\windows\system32\mshtmler.dll
2010-01-14 16:59 . 2010-01-14 16:59 56320 ----a-w- d:\windows\system32\dot3msm.dll
2010-01-14 11:48 . 2010-01-14 11:48 4463 ----a-w- d:\windows\system32\oembios.dat
2010-01-14 11:48 . 2010-01-14 11:48 13107200 ----a-w- d:\windows\system32\oembios.bin
2010-01-01 07:58 . 2010-01-14 17:01 353792 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-21 19:02 . 2010-01-14 17:02 916480 ----a-w- d:\windows\system32\wininet.dll
2009-12-17 07:42 . 2010-02-02 22:02 343552 ----a-w- d:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 13:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2009-12-09 14:33 . 2009-08-04 21:53 2068352 ----a-w- d:\windows\system32\ntkrnlpa.exe
2009-12-09 14:33 . 2010-01-14 17:01 2191488 ----a-w- d:\windows\system32\ntoskrnl.exe
2009-12-04 17:25 . 2010-01-14 17:00 456832 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:25 . 2010-01-14 17:01 1294336 ----a-w- d:\windows\system32\quartz.dll
2009-11-27 17:25 . 2008-04-14 07:51 17920 ----a-w- d:\windows\system32\msyuv.dll
2009-11-27 16:29 . 2010-01-14 16:59 84992 ----a-w- d:\windows\system32\avifil32.dll
2009-11-27 16:29 . 2008-04-14 13:00 28672 ----a-w- d:\windows\system32\msvidc32.dll
2009-11-27 16:29 . 2008-04-14 13:00 11264 ----a-w- d:\windows\system32\msrle32.dll
2009-11-27 16:29 . 2008-04-14 07:51 48128 ----a-w- d:\windows\system32\iyuv_32.dll
2009-11-27 16:29 . 2001-10-24 11:25 8704 ----a-w- d:\windows\system32\tsbyuv.dll
2009-10-09 11:51 . 2009-10-09 11:52 997376 ----a-w- d:\windows\system32\syssetup.dll
2009-09-04 15:43 . 2010-02-02 22:02 195712 ----a-w- d:\windows\system32\drivers\rdpdr.sys
2009-08-06 18:23 . 2010-02-02 22:04 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- d:\windows\system32\FM20.DLL
2009-06-24 11:28 . 2009-06-24 11:28 92928 ----a-w- d:\windows\system32\drivers\ksecdd.sys
2009-06-15 12:14 . 2009-06-15 12:14 78336 ----a-w- d:\windows\system32\telnet.exe
2009-03-23 11:55 . 2009-03-23 11:55 576512 ----a-w- d:\windows\system32\drivers\ntfs.sys
2009-02-09 11:59 . 2009-02-09 11:59 710144 ----a-w- d:\windows\system32\ntdll.dll
2008-07-31 18:45 . 2008-07-31 18:45 20616 ----a-w- d:\windows\system32\drivers\BtHidBus.sys
2008-07-29 20:10 . 2008-07-29 20:10 73720 ----a-w- d:\windows\system32\dxva2.dll
2008-07-29 20:10 . 2008-07-29 20:10 493048 ----a-w- d:\windows\system32\evr.dll
2008-07-29 20:10 . 2008-07-29 20:10 26112 ----a-w- d:\windows\system32\TsWpfWrp.exe
2008-07-29 19:35 . 2008-07-29 19:35 326160 ----a-w- d:\windows\system32\PresentationHost.exe
2008-07-29 18:59 . 2008-07-29 18:59 781344 ----a-w- d:\windows\system32\PresentationNative_v0300.dll
2008-07-29 18:59 . 2008-07-29 18:59 43544 ----a-w- d:\windows\system32\PresentationHostProxy.dll
2008-07-29 18:59 . 2008-07-29 18:59 105016 ----a-w- d:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 18:24 . 2008-07-29 18:24 97800 ----a-w- d:\windows\system32\infocardapi.dll
2008-07-29 18:24 . 2008-07-29 18:24 622080 ----a-w- d:\windows\system32\icardagt.exe
2008-07-29 18:24 . 2008-07-29 18:24 11264 ----a-w- d:\windows\system32\icardres.dll
2008-07-25 10:16 . 2008-07-25 10:16 83968 ----a-w- d:\windows\system32\mscories.dll
2008-07-25 10:16 . 2008-07-25 10:16 282112 ----a-w- d:\windows\system32\mscoree.dll
2008-07-25 10:16 . 2008-07-25 10:16 158720 ----a-w- d:\windows\system32\mscorier.dll
2008-07-25 10:16 . 2008-07-25 10:16 96760 ----a-w- d:\windows\system32\dfshim.dll
2008-07-02 12:58 . 2008-07-02 12:58 26248 ----a-w- d:\windows\system32\drivers\IvtBtBus.sys
2008-04-14 13:00 . 2010-02-02 22:56 89456 ---h--w- d:\windows\Fonts\sserifft.fon
2008-04-14 07:52 . 2010-02-02 22:58 75264 ----a-w- d:\windows\system32\usbui.dll
2008-04-14 07:52 . 2010-02-02 22:56 75264 ----a-w- d:\windows\system32\storprop.dll
2008-04-14 07:51 . 2008-04-14 13:00 29184 ----a-w- d:\windows\system32\sdhcinst.dll
2008-04-14 07:51 . 2008-04-14 13:00 30208 ----a-w- d:\windows\system32\bthserv.dll
2008-04-14 07:51 . 2008-04-14 13:00 20992 ----a-w- d:\windows\system32\bthci.dll
2008-04-14 06:53 . 2010-02-02 22:02 40840 ----a-w- d:\windows\system32\drivers\termdd.sys
2008-04-14 06:53 . 2008-04-14 07:53 294912 ----a-w- d:\windows\system32\msh263.drv
.

------- Sigcheck -------

[-] 2000-07-14 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . d:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 10:08 397312 ------w- d:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 13:00 15360 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- d:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-05-02 07:19 323584 ----a-r- d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Documents and Settings\\mateffy\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\QIP Infium RičrdssonPack\\infium.exe"=
"d:\\Program Files\\Metin2\\metin2.bin"=
"d:\\Program Files\\Metin2\\metin2client.bin"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4156:TCP"= 4156:TCP:Services
"6812:TCP"= 6812:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 BtHidBus;Bluetooth HID Bus Service;d:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [22.2.2010 21:19 691696]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [13.7.2000 23:00 165456]
S1 DumpDrv;Crash Dump Driver;d:\windows\system32\drivers\dumpdrv.sys [14.1.2010 19:04 9472]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [13.7.2000 23:00 17744]
S3 IvtBtBUs;IVT Bluetooth Bus Service;d:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [14.1.2010 19:01 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - d:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\cnp130y1.default\
FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2000-07-14 13:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8649D78A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7873f28
\Driver\ACPI -> ACPI.sys @ 0xf76dbcb8
\Driver\atapi -> ntoskrnl.exe @ 0x805c7a1e
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 S Desktop Adapter -> SendCompleteHandler -> 0x86503b60
PacketIndicateHandler -> NDIS.sys @ 0xf7573b21
SendHandler -> NDIS.sys @ 0xf755187b
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,59,f5,11,cc,bf,93,48,bc,e8,ae,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,59,f5,11,cc,bf,93,48,bc,e8,ae,\
.
Celkový čas: 2000-07-14 13:30:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2000-07-14 11:30
ComboFix2.txt 2000-07-14 05:58

Před spuštěním: Volných bajtů: 21 603 061 760
Po spuštění: Volných bajtů: 21 604 540 416

- - End Of File - - 708CEBAF48925F40D6F26FAD9A22F97F
____________________________________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4312

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

14.7.2000 13:47:53
mbam-log-2000-07-14 (13-47-53).txt

Typ skenu: Rychlý sken
Skenované objekty: 130335
Uplynulý čas: 10 minuta(y), 5 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
D:\WINDOWS\system32\jHbeDl8hn8.txt (Trojan.Inject) -> No action taken.

polozku najdenu v MBAM odstran
+
scan s http://www2.gmer.net/mbr/mbr.exe log vloz

Posílám log po odstranění. Za chvilku sem dám log z MBR.exe

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15.7.2000 11:18:18
mbam-log-2000-07-15 (11-18-18).txt

Scan type: Quick scan
Objects scanned: 131344
Time elapsed: 34 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\jHbeDl8hn8.txt (Trojan.Inject) -> Quarantined and deleted successfully.

A tady je další log. Nejspíš se tam něco oběvilo

Poraďte prosím

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

skopiruj mbr.exe napr. na c: a spust ho tam s prikazoveho riadku mbr.exe -f

Jestly jsem to pochopil správně tak sem mbr.exe spustil v pecnem disku D:
prosim o polopatické vysvětlení

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !

ak mas subor priamo na d: - tak start-spustit-cmd<enter>
otvori sa okno prikazoveho riadku
tam 2x zadas cd .. <enter>
mal by si mat d:
tam napises mbr.exe -f <enter>

Tak sem to snad zvládl.

tady je log z D:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !
_______________________________________________________________________
tady je log z C:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !

pouzi Caroprd111 22:17 - okrem testovania suboru vsetky ostatne body http://www.viry.cz/forum/viewtopic.php? ... ky#p832298

Připravuji log z GMER, prosím o chvilku strpení

1. SPTD - jsem udělal

2. Deffoger - jsem také udělal

3. Log z MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !

4a. Malý log z GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2000-07-15 12:37:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\mateffy\LOCALS~1\Temp\pwwoqaob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF1576B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF15769C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF1576AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

4b. Velký log z GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2000-07-15 14:12:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\mateffy\LOCALS~1\Temp\pwwoqaob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF1569CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF1569B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF156A142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF156A06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF1569764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF1569C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF15696A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF1569708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF1569D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF156A210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF1569D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF1569EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF1576B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF15769C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF1576AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + B0 804E271C 2 Bytes [D2, 9C]
.text ntoskrnl.exe!_abnormal_termination + B3 804E271F 1 Byte [F1] {INT1 }
.text ntoskrnl.exe!_abnormal_termination + 228 804E2894 2 Bytes [68, 9C]
.text ntoskrnl.exe!_abnormal_termination + 22B 804E2897 1 Byte [F1] {INT1 }
.text ntoskrnl.exe!_abnormal_termination + 310 804E297C 2 Bytes [88, 9D]
.text ...
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F1573F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP F15769C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP F1576BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F85E 5 Bytes JMP F15725B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B01 7 Bytes JMP F1576AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? D:\DOCUME~1\mateffy\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Mozilla Firefox\firefox.exe[4000] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\WINDOWS\system32\services.exe[700] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT D:\WINDOWS\system32\services.exe[700] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xFA 0xC0 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0xAB 0x9C 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0C 0x48 0x6D 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x56 0xCC 0x1C 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0x20 0xB1 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0xAB 0x9C 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0xCC 0x1C 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x56 0xCC 0x1C 0xA9 ...

---- EOF - GMER 1.0.15 ----

Snad sem nic nevynechal

Omlouvám se za vstup, Maffy mě požádal přes SZ.

Zazálohujte si důležitá data

Stáhněte HxD portable http://mh-nexus.de/downloads/HxDsk.zip nebo ftp://wa651f4:*****@mh-nexus.de/HxDsk.zip na plochu.

Rozbalte tak, aby se nenacházel v žádné složce (nejlépe na systémový disk).
Spusťte, potvrďte hlášku kliknutím na "OK".
Klikněte na "Otvor disk" (ikonka disku nahoře), zvolte "Fyzické disky" - "Pevný Disk 1"
Odklikněte možnost "Otvor jen na čítanie".
Klikněte na "OK, varování potvrďte kliknutím na "OK".
Přejděte na Offset "02546841" a přepište ho nulami (jen dva znaky!)
To samé proveďte s Offsetem 02546844 a 0254685A.
Program zavřete a uložte změny.
Restartujte PC a dejte nový log z MBR -t.

VIRY.CZ

Zpomalený internet i aplikace

Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace

Re: Zpomalený internet i aplikace