VIRY.CZ

Chtěl bych poprosit o kontrolu logu, mám problém se spuštěním WIN XP. Děkuji

SmallARK
================================================================
[R]NtClose -> D:\windows\system32\drivers\aswSP.SYS
[R]NtCreateFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtCreateKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtCreateProcess -> D:\windows\system32\drivers\SbFw.sys
[R]NtCreateProcessEx -> D:\windows\system32\drivers\SbFw.sys
[R]NtCreateThread -> D:\windows\system32\drivers\SbFw.sys
[R]NtDeleteFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtDeleteKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtDeleteValueKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtDuplicateObject -> D:\windows\system32\drivers\aswSP.SYS
[R]NtLoadDriver -> D:\windows\system32\drivers\sbhips.sys
[R]NtMapViewOfSection -> D:\windows\system32\drivers\sbhips.sys
[R]NtOpenFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtOpenKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtOpenProcess -> D:\windows\system32\drivers\aswSP.SYS
[R]NtOpenThread -> D:\windows\system32\drivers\aswSP.SYS
[R]NtQueryValueKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtRenameKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtRestoreKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtResumeThread -> D:\windows\system32\drivers\SbFw.sys
[R]NtSetInformationFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtSetValueKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtWriteFile -> D:\windows\system32\drivers\SbFw.sys

MBR ROOTKIT DETECTED!

Běžící procesy
================================================================

Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[R] AvastUI.exe
Spouští se po startu HKLM Run [avast5]

[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[R] schedhlp.exe
Spouští se po startu HKLM Run [Acronis Scheduler2 Service]

[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]

Po spuštění
================================================================

HKCU Run
|_ [X][SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKLM Run
|_ [R][avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
|_ [X][ATIModeChange] Ati2mdxx.exe (Soubor nenalezen)
|_ [X][KernelFaultCheck] D:\windows\system32\dumprep 0 -k (Soubor nenalezen)

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] D:\WINDOWS\INF\mplayer2.inf ,PerUserStub.NT
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] D:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] D:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] D:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
|_ [X][AtiExtEvent] Ati2evxx.dll (Soubor nenalezen)

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Ati HotKey Poller
|_ Cesta: D:\windows\System32\Ati2evxx.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:

[X] Java Quick Starter
|_ Cesta: D:\Program Files\Java\jre6\bin\jqs.exe -service -config D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] AMD Processor Driver
|_ Cesta: D:\windows\System32\DRIVERS\AmdK8.sys
| |_ Výrobce: Advanced Micro Devices
| |_ Popis: AMD Processor Driver
| |_ MD5: 59301936898AE62245A6F09C0ABA9475
|
|_ Jméno: AmdK8
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver
|_ Cesta: D:\windows\System32\DRIVERS\Rtenicxp.sys
| |_ Výrobce: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: BB0AE2171F08129F4F3FF9DF20FFBF89
|
|_ Jméno: RTLE8023xp
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] SVKP
|_ Cesta: D:\windows\System32\SVKP.sys
| |_ Výrobce: AntiCracking
| |_ Popis: SVKP driver for NT
| |_ MD5: F05028B163B92C302A74409D683AC9B0
|
|_ Jméno: SVKP
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1176) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (1304) svchost.exe 0.0.0.0:1026 LISTENING
TCP (4) Systém 0.0.0.0:1028 LISTENING
TCP (456) SbPFCl.exe 0.0.0.0:1029 LISTENING
TCP (456) SbPFCl.exe 0.0.0.0:1031 LISTENING
TCP (1228) SbPFSvc.exe 0.0.0.0:1033 LISTENING
TCP (2908) firefox.exe 0.0.0.0:1049 LISTENING
TCP (2908) firefox.exe 0.0.0.0:1053 LISTENING
TCP (1760) AvastSvc.exe 0.0.0.0:1340 LISTENING
TCP (1760) AvastSvc.exe 0.0.0.0:2819 LISTENING
TCP (1552) svchost.exe 0.0.0.0:5000 LISTENING
TCP (1228) SbPFSvc.exe 0.0.0.0:44334 LISTENING
TCP (1228) SbPFSvc.exe 0.0.0.0:44501 LISTENING
TCP (456) SbPFCl.exe 127.0.0.1:1029 <-> 127.0.0.1:44334 ESTABLISHED
TCP (456) SbPFCl.exe 127.0.0.1:1031 <-> 127.0.0.1:1033 ESTABLISHED
TCP (1228) SbPFSvc.exe 127.0.0.1:1033 <-> 127.0.0.1:1031 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1048 LISTENING
TCP (2908) firefox.exe 127.0.0.1:1048 <-> 127.0.0.1:1049 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1049 <-> 127.0.0.1:1048 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1052 LISTENING
TCP (2908) firefox.exe 127.0.0.1:1052 <-> 127.0.0.1:1053 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1053 <-> 127.0.0.1:1052 ESTABLISHED
TCP (0) 127.0.0.1:2822 TIME_WAIT
TCP (0) 127.0.0.1:2824 TIME_WAIT
TCP (0) 127.0.0.1:2829 TIME_WAIT
TCP (0) 127.0.0.1:2831 TIME_WAIT
TCP (0) 127.0.0.1:2833 TIME_WAIT
TCP (0) 127.0.0.1:2836 TIME_WAIT
TCP (800) jqs.exe 127.0.0.1:5152 LISTENING
TCP (800) jqs.exe 127.0.0.1:5152 CLOSE_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (1228) SbPFSvc.exe 127.0.0.1:44334 <-> 127.0.0.1:1029 ESTABLISHED
TCP (0) 127.0.0.1:44501 TIME_WAIT
TCP (4) Systém 192.168.2.200:139 LISTENING
UDP (1176) svchost.exe 0.0.0.0:135 TIME_WAIT
UDP (4) Systém 0.0.0.0:445
UDP (988) lsass.exe 0.0.0.0:500
UDP (1516) svchost.exe 0.0.0.0:1025
UDP (1304) svchost.exe 0.0.0.0:1027
UDP (456) SbPFCl.exe 0.0.0.0:1030
UDP (456) SbPFCl.exe 0.0.0.0:1032
UDP (1516) svchost.exe 0.0.0.0:1057
UDP (1516) svchost.exe 0.0.0.0:1065
UDP (456) SbPFCl.exe 0.0.0.0:1975
UDP (1228) SbPFSvc.exe 0.0.0.0:44334
UDP (1304) svchost.exe 127.0.0.1:123
UDP (1552) svchost.exe 127.0.0.1:1900
UDP (1304) svchost.exe 192.168.2.200:123
UDP (4) Systém 192.168.2.200:137
UDP (4) Systém 192.168.2.200:138
UDP (1552) svchost.exe 192.168.2.200:1900

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 222AFED911CBF5F9A454ADEE53D31B30
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2908)

[?] nssdbm3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ MD5: DCE543B6B3FF516BD65C1030E4B933FF
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2908)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 10BED437023F93DD1AD8EFA80E71280F
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2908)

================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Zdravim, pekny vecer preji a vitam Vas u nas na foru Obrázek

Prectete si pravidla fora a dejte log ze RSITu - vizte muj podpis

Co presneji si mam predstavit pod pojmem "problem se spustenim XP"

Po startu PC je možné max. dostat se do Biosu, nouzový režim nefunguje, WiN XP se nechtějí nastartovat ukáže se pouze černá obrazovka. HD jsem vložil do jiného PC kde sem ho otevřel, přověřil všem možnými antiviry a nic.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlk at 2010-07-30 18:53:43
Systém Microsoft Windows XP Professional Service Pack 1
System drive D: has 14 GB (74%) free of 19 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:49, on 30.7.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\windows\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\windows\System32\ctfmon.exe
D:\windows\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Vlk\Dokumenty\Stažené soubory\RSIT.exe
D:\Program Files\trend micro\Vlk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [adm_tray.exe] D:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\windows\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\windows\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\windows\System32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5387 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - D:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"ATIModeChange"=Ati2mdxx.exe []
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=D:\windows\system32\dumprep 0 -k []
"adm_tray.exe"=D:\Program Files\Acronis\DriveMonitor\adm_tray.exe [2010-06-04 530768]
"Acronis Scheduler2 Service"=D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-10-27 365560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\windows\System32\ctfmon.exe [2002-09-20 13312]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91
"NoViewContextMenu"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoViewContextMenu"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-07-30 18:53:44 ----D---- D:\Program Files\trend micro
2010-07-30 18:53:43 ----D---- D:\rsit
2010-07-30 18:27:36 ----D---- D:\Program Files\Ultimate Process Manager
2010-07-30 17:27:43 ----A---- D:\windows\System32\drivers\SbFwIm.sys
2010-07-30 17:27:42 ----RA---- D:\windows\System32\drivers\SbFw.sys
2010-07-30 17:27:27 ----D---- D:\Program Files\Sunbelt Software
2010-07-30 17:23:13 ----D---- D:\Documents and Settings\All Users\Data aplikací\Acronis
2010-07-30 17:23:09 ----D---- D:\Program Files\Common Files\Acronis
2010-07-30 17:23:08 ----D---- D:\Program Files\Acronis
2010-07-29 21:12:42 ----D---- D:\windows\Minidump
2010-07-29 19:43:08 ----D---- D:\Program Files\TweakNow RegCleaner
2010-07-29 19:43:08 ----D---- D:\Documents and Settings\Vlk\Data aplikací\TweakNow RegCleaner
2010-07-29 19:33:47 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-29 19:33:42 ----D---- D:\Program Files\Common Files\Java
2010-07-29 19:33:02 ----A---- D:\windows\System32\javaws.exe
2010-07-29 19:33:02 ----A---- D:\windows\System32\deployJava1.dll
2010-07-29 19:33:01 ----A---- D:\windows\System32\javaw.exe
2010-07-29 19:33:01 ----A---- D:\windows\System32\java.exe
2010-07-29 19:32:30 ----D---- D:\Program Files\Java
2010-07-29 19:31:20 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Sun
2010-07-29 18:22:14 ----D---- D:\Program Files\ICQ6Toolbar
2010-07-29 18:22:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-07-29 18:21:46 ----D---- D:\Documents and Settings\Vlk\Data aplikací\ICQ
2010-07-29 18:21:26 ----D---- D:\Program Files\ICQ7.2
2010-07-29 10:18:56 ----A---- D:\windows\System32\drivers\amdide.sys
2010-07-29 09:52:37 ----D---- D:\Program Files\Driver Magician Lite
2010-07-29 09:52:37 ----A---- D:\windows\System32\msvbvm60.dll
2010-07-29 09:49:57 ----D---- D:\windows\System32\appmgmt
2010-07-29 09:33:37 ----A---- D:\windows\System32\drivers\stgswx.sys
2010-07-29 09:01:07 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Macromedia
2010-07-29 09:01:07 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Adobe
2010-07-29 08:52:21 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Malwarebytes
2010-07-29 08:52:17 ----A---- D:\windows\System32\drivers\mbamswissarmy.sys
2010-07-29 08:52:16 ----D---- D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-29 08:52:15 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2010-07-29 08:52:15 ----A---- D:\windows\System32\drivers\mbam.sys
2010-07-29 08:40:47 ----A---- D:\windows\System32\SVKP.sys
2010-07-29 08:40:43 ----D---- D:\Program Files\Disk Medic
2010-07-29 08:31:11 ----D---- D:\Program Files\Spybot - Search & Destroy
2010-07-29 08:31:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-07-29 08:23:35 ----D---- D:\WUTemp
2010-07-29 08:23:31 ----A---- D:\windows\System32\iuengine.dll
2010-07-29 07:44:21 ----A---- D:\windows\System32\drivers\aswSP.sys
2010-07-29 07:44:19 ----A---- D:\windows\System32\drivers\aswRdr.sys
2010-07-29 07:44:18 ----A---- D:\windows\System32\drivers\aswTdi.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aswmon2.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aswmon.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aavmker4.sys
2010-07-29 07:43:50 ----A---- D:\windows\System32\aswBoot.exe
2010-07-29 07:43:34 ----D---- D:\Program Files\Alwil Software
2010-07-29 07:43:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-07-29 07:38:30 ----D---- D:\windows\LastGood
2010-07-29 07:35:04 ----D---- D:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2010-07-30 18:53:44 ----RD---- D:\Program Files
2010-07-30 18:41:38 ----D---- D:\windows\Prefetch
2010-07-30 18:28:43 ----D---- D:\windows\System32\CatRoot2
2010-07-30 17:45:30 ----D---- D:\windows\Temp
2010-07-30 17:30:46 ----D---- D:\windows\Debug
2010-07-30 17:28:08 ----A---- D:\windows\SchedLgU.Txt
2010-07-30 17:27:55 ----SHD---- D:\windows\Installer
2010-07-30 17:27:47 ----HD---- D:\windows\inf
2010-07-30 17:27:43 ----D---- D:\windows\System32\drivers
2010-07-30 17:27:42 ----D---- D:\windows\system32
2010-07-30 17:23:14 ----D---- D:\windows\WinSxS
2010-07-30 17:23:09 ----D---- D:\Program Files\Common Files
2010-07-30 06:46:08 ----D---- D:\windows\System32\ReinstallBackups
2010-07-30 06:43:54 ----HD---- D:\Program Files\InstallShield Installation Information
2010-07-29 21:12:43 ----D---- D:\WINDOWS
2010-07-29 20:07:02 ----D---- D:\Program Files\Registrar Registry Manager
2010-07-29 19:57:26 ----D---- D:\windows\System32\config
2010-07-29 19:50:28 ----D---- D:\windows\security
2010-07-29 19:30:20 ----SD---- D:\windows\Downloaded Program Files
2010-07-29 09:50:27 ----A---- D:\windows\System32\PerfStringBackup.INI
2010-07-29 08:23:28 ----HD---- D:\Program Files\WindowsUpdate
2010-07-29 07:44:02 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-07-29 07:40:58 ----RSHDC---- D:\windows\System32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; D:\windows\System32\DRIVERS\amdide.sys [2007-10-12 9096]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\windows\System32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK8;AMD Processor Driver; D:\windows\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; D:\windows\System32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; D:\windows\System32\drivers\aswTdi.sys [2010-06-28 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\windows\System32\DRIVERS\kbdhid.sys [2001-10-25 13952]
R1 SbFw;SbFw; D:\windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; D:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswMon2;aswMon2; D:\windows\System32\drivers\aswMon2.sys [2010-06-28 100176]
R2 SVKP;SVKP; \??\D:\windows\System32\SVKP.sys []
R3 aswRdr;aswRdr; D:\windows\System32\drivers\aswRdr.sys [2010-06-28 23376]
R3 hidusb;Ovladač třídy standardu HID; D:\windows\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; D:\windows\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\windows\System32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; D:\windows\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\windows\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
R3 usbprint;Třída USB Printer; D:\windows\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 ati2mtag;ati2mtag; D:\windows\System32\DRIVERS\ati2mtag.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 rrSpy;rrSpy; D:\windows\system32\drivers\rrSpy.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\windows\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-10-27 660504]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-07-29 153376]
R2 SbPF.Launcher;SbPF.Launcher; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
S2 Ati HotKey Poller;Ati HotKey Poller; D:\windows\System32\Ati2evxx.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

-----------------EOF-----------------

Odinstalujte vsechny emulatory virtualnich jednotek (Deamon Tools, Alcohol 120%, PowerISO apod)

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\plocha\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte logy z Gmeru - viz muj podpis

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Tak a ted gmer

Jeste takova drobnost ne-li spise podstatna vec. Kdyz jste se do XPecek nedostal tak jak jste z nich dostal ten RSIT

Pokud je disk jen pripojen do jineho PC a je na nem udelan RSIT, tak z nej nic nevyctem - dela sken beziciho systemu...

disk jen pripojen do jineho PC, mate pravdu

Ale jen jako vedlejsi, system z nej nebezi ze

Tudiz testujeme zdrave PC

Samozrejme jej dokoncime a na ty poskozene XP bychom koukli pak...

Ovsem kdyz popisujete v jakem sjou stavu, tak bych zazalohoval dulezita data, zkusil opravnou instalaci a pak reinstal ci spise bych zakoupil W7 a XPecka bych tam uz necpal...

JJ ,už to tak bude. Gmer beží už hodinu a pořád to nebere konce. Z napadeného HD potřebuji jen pár věcí co mám na ploše, ale nejde se tam dostat (háže mi to přístup odepřen)

jinak bych to celé zformátoval..

Riff ma v navodu na gmer par minut, ale muze trvat i hodiny - "rekord" mam u uzivatele 4,5 hodiny

K datum v uzivatelskych uctech (plocha, dokumenty) se dostava velmi tezko, ne-li je to nemozne, prave diky tomu pristupu ze je to ucet pro uzivatele a jen on tam na nem ma co pohledavat, vas to bere jako ciziho....

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu