Page 1 of 2

Malware Protection

Posted: 02 Jun 2011 03:05
by DoDoSlav123
Hello, I don't know what to do, so I'm asking for advice...
I have a PC here infected with the "Malware Protection" virus and by now it's blocking almost all programs.
I tried to make logs but it doesn't work (ComboFix, RSIT).
The PC won't start in safe mode because it restarts while loading.
The antivirus on the PC is Avast, but with an outdated database :-/ When I run a disk scan after the PC restarts, the scan doesn't finish because the PC restarts.... thanks in advance for any advice.

Re: Malware Protection

Posted: 02 Jun 2011 06:26
by JaRon
hi,
if you can't even get into safe mode, use a boot CD http://www.viry.cz/forum/viewtopic.php?f=29&t=66880 I'll leave the choice to you :)

Re: Malware Protection

Posted: 03 Jun 2011 00:08
by DoDoSlav123
thanks for the reply.. now I've finally got into safe mode and made a log... so please check the log.. here it is,,, thank you very much...

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-06-03 01:06:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 890 MB (1%) free of 148 GB
Total RAM: 1977 MB (88% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1032192]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-09 870920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-21 30192]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-01 149280]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"Imukogoloputu"=C:\WINDOWS\ujuzocij.dll [2004-08-17 372736]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR162]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR162.SYS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-06-05 22:17:07 ----D---- C:\WINDOWS\system32\LogFiles
2011-06-03 01:06:33 ----D---- C:\Program Files\trend micro
2011-06-03 01:06:31 ----D---- C:\rsit
2011-06-03 01:04:24 ----ASH---- C:\pagefile.sys
2011-06-02 19:00:20 ----SD---- C:\32788R22FWJFW
2011-06-02 18:59:57 ----SD---- C:\ComboFix
2011-06-02 18:17:02 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2011-06-02 17:51:53 ----A---- C:\Boot.bak
2011-06-02 17:51:48 ----RASHD---- C:\cmdcons
2011-06-02 17:50:11 ----A---- C:\WINDOWS\zip.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\SWSC.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\SWREG.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\sed.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\PEV.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\NIRCMD.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\MBR.exe
2011-06-02 17:50:11 ----A---- C:\WINDOWS\grep.exe
2011-06-02 17:50:00 ----D---- C:\WINDOWS\ERDNT
2011-06-02 04:34:04 ----D---- C:\Qoobox
2011-05-31 04:19:51 ----SHD---- C:\WINDOWS\CSC
2011-05-31 04:19:46 ----A---- C:\WINDOWS\ntbtlog.txt
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\defender.exe
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\C87F.tmp
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\86D8.tmp
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\78DE.tmp
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\5FF7.tmp
2011-05-31 00:02:03 ----A---- C:\Documents and Settings\All Users\Data aplikací\mgrparseboot.exe
2011-05-30 23:52:59 ----D---- C:\Adobe
2011-05-28 22:22:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO

======List of files/folders modified in the last 1 months======

2011-06-11 02:23:41 ----D---- C:\Program Files\Mozilla Firefox
2011-06-05 20:51:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-03 01:06:34 ----D---- C:\WINDOWS\Temp
2011-06-03 01:06:33 ----RD---- C:\Program Files
2011-06-02 18:44:28 ----D---- C:\WINDOWS\system32\drivers
2011-06-02 18:09:56 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-02 18:09:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-06-02 17:51:53 ----RASH---- C:\boot.ini
2011-06-02 17:50:11 ----D---- C:\WINDOWS
2011-06-02 03:38:58 ----D---- C:\Documents and Settings
2011-06-02 03:30:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-31 04:16:57 ----D---- C:\WINDOWS\system32
2011-05-31 04:04:13 ----D---- C:\WINDOWS\Prefetch
2011-05-30 22:54:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-05-30 03:33:46 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-29 20:40:47 ----SHD---- C:\WINDOWS\Installer
2011-05-16 01:31:34 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-05-13 51288]
R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-02-22 222400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S0 SMR162;Symantec SMR Utility Service 1.6.2; C:\WINDOWS\System32\drivers\SMR162.SYS []
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-25 691696]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-08 1309504]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2009-12-23 539072]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-12-23 37424]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-12-23 876384]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-12-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2009-12-23 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2009-12-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-12-23 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-14 136176]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-01 153376]
S2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-04-12 47616]
S2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-21 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-14 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: Malware Protection

Posted: 03 Jun 2011 00:50
by DoDoSlav123
ComboFix 11-06-01.07 - Administrator 03.06.2011 1:40.2.2 - x86 MINIMAL
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\All Users\Data aplikací\5FF7.tmp
c:\documents and settings\All Users\Data aplikací\78DE.tmp
c:\documents and settings\All Users\Data aplikací\86D8.tmp
c:\documents and settings\All Users\Data aplikací\C87F.tmp
c:\documents and settings\All Users\Data aplikací\defender.exe
c:\documents and settings\Erunis\Data aplikací\1E905CF431FD4FC5FC53ADA3073153F0
c:\documents and settings\Erunis\Data aplikací\1E905CF431FD4FC5FC53ADA3073153F0\enemies-names.txt
c:\documents and settings\Erunis\Data aplikací\1E905CF431FD4FC5FC53ADA3073153F0\local.ini
c:\documents and settings\Erunis\Data aplikací\1E905CF431FD4FC5FC53ADA3073153F0\lss700dbgg.exe
c:\documents and settings\Erunis\Data aplikací\1E905CF431FD4FC5FC53ADA3073153F0\upd_debug.exe
c:\documents and settings\Erunis\Data aplikací\Adobe\plugs
c:\documents and settings\Erunis\Data aplikací\Adobe\shed
c:\documents and settings\Erunis\Data aplikací\PriceGong
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Erunis\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Erunis\Local Settings\Data aplikací\{1452B0C7-9A9A-4FE1-A0D9-DAF95680DD06}
c:\documents and settings\Erunis\Local Settings\Data aplikací\{1452B0C7-9A9A-4FE1-A0D9-DAF95680DD06}\chrome.manifest
c:\documents and settings\Erunis\Local Settings\Data aplikací\{1452B0C7-9A9A-4FE1-A0D9-DAF95680DD06}\chrome\content\_cfg.js
c:\documents and settings\Erunis\Local Settings\Data aplikací\{1452B0C7-9A9A-4FE1-A0D9-DAF95680DD06}\chrome\content\overlay.xul
c:\documents and settings\Erunis\Local Settings\Data aplikací\{1452B0C7-9A9A-4FE1-A0D9-DAF95680DD06}\install.rdf
c:\documents and settings\NetworkService\Local Settings\Data aplikací\ata.exe
c:\windows\mpicshsr.dll
c:\windows\ujuzocij.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-02 do 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-05 20:17 . 2011-06-05 20:17 -------- d-----w- c:\windows\system32\LogFiles
2011-06-04 19:16 . 2004-08-17 13:49 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-06-02 23:06 . 2011-06-02 23:06 -------- d-----w- c:\program files\trend micro
2011-06-02 23:06 . 2011-06-02 23:06 -------- d-----w- C:\rsit
2011-06-02 01:38 . 2011-06-02 02:33 -------- d-----w- c:\documents and settings\Administrator
2011-05-31 23:35 . 2011-06-01 18:21 -------- d-----w- c:\documents and settings\Erunis\Local Settings\Data aplikací\NPE
2011-05-31 02:18 . 2011-05-31 02:18 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-05-30 22:02 . 2011-05-30 22:02 181760 ----a-w- c:\documents and settings\All Users\Data aplikací\mgrparseboot.exe
2011-05-30 21:52 . 2011-05-30 21:52 -------- d-----w- C:\Adobe
2011-05-30 21:18 . 2011-05-30 21:18 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-05-30 01:35 . 2011-06-01 23:31 0 ----a-w- c:\windows\Bxudexuguje.bin
2011-05-28 20:22 . 2011-06-02 01:17 -------- d-----w- c:\documents and settings\Erunis\Data aplikací\go
2011-05-28 20:22 . 2011-06-02 01:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Easybits GO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 19:00 . 2009-12-23 21:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-21 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-01 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SMR162;Symantec SMR Utility Service 1.6.2;c:\windows\System32\drivers\SMR162.SYS [x]
R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 136176]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-04-12 47616]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-21 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-25 691696]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MDMXSDK
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 18:16]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 18:16]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Imukogoloputu - c:\windows\ujuzocij.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 01:46
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read Zařízení připojené k systému nefunguje.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A54553B
\Driver\atapi -> 0x8a6e81f8
user & kernel MBR OK
.
**************************************************************************
.
Celkový čas: 2011-06-03 01:48:21
ComboFix-quarantined-files.txt 2011-06-02 23:48
.
Před spuštěním: 2 402 934 784
Po spuštění: 2 360 459 264
.
- - End Of File - - 63D1253797D41B82DD1E749ABDD8063F
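
Added example, not code from this thread and not part of RSIT or ComboFix: a small Python triage script run over a constructed subset of the RSIT log lines posted above. It parses the Run key of the registry dump and the "files created" section and flags the kind of entries that gave this infection away: a Run value that points at a DLL dropped straight into C:\WINDOWS (the Imukogoloputu / ujuzocij.dll entry that ComboFix later removed) and freshly created executables under All Users\Data aplikací (the localized Application Data folder). The scoring heuristics, the two-reason threshold and the sample lines are assumptions of this example, not the tools' own logic.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines in the shape of the RSIT log posted in
# this thread (Run key values and the "files created" section), not the full log.
SAMPLE_LOG = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Imukogoloputu"=C:\WINDOWS\ujuzocij.dll [2004-08-17 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"shutdownwithoutlogon"=1

======List of files/folders created in the last 1 months======

2011-06-03 01:06:31 ----D---- C:\rsit
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\defender.exe
2011-05-31 04:04:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\C87F.tmp
2011-05-31 00:02:03 ----A---- C:\Documents and Settings\All Users\Data aplikací\mgrparseboot.exe
2011-05-30 23:52:59 ----D---- C:\Adobe
"""

SECTION_RE = re.compile(r"^======(?P<title>.+?)======$")
# "Name"=<path> [YYYY-MM-DD size]  (RSIT's Run-value format)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# <timestamp> <attribute flags> <path>  (RSIT's files-created format)
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<attrs>-+[A-Z]*-+) (?P<path>.+)$")

WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt"}      # assumed install roots
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".tmp"}  # .tmp: droppers often stage payloads there


def parse_rsit(text):
    """Split an RSIT log into its ======sections====== and collect the Run-key
    values and the files-created entries; every other line is ignored."""
    section, current_key = None, ""
    run_entries, created = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        if section == "Registry dump":
            if line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]          # remember which key we are under
                continue
            m = RUN_RE.match(line)
            if m and current_key.lower().endswith("\\run"):
                run_entries.append(m.groupdict())
        elif section and section.startswith("List of files/folders created"):
            m = FILE_RE.match(line)
            if m:
                created.append(m.groupdict())
    return run_entries, created


def suspicious_reasons(path):
    """Heuristic reasons why an autorun target deserves a second look (assumed rules)."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    reasons = []
    if p.suffix.lower() == ".dll":
        reasons.append("Run value targets a DLL, i.e. it is started through a host process such as rundll32")
    if parent in WINDOWS_ROOTS:
        reasons.append("file sits directly in the Windows root rather than system32 or Program Files")
    if "documents and settings" in parent:
        reasons.append("file sits in a user-writable profile directory")
    return reasons


def triage(text, min_reasons=2):
    """Return the autorun entries with at least `min_reasons` hits and the new
    executable files created in user-writable profile locations."""
    run_entries, created = parse_rsit(text)
    autoruns = {}
    for e in run_entries:
        reasons = suspicious_reasons(e["path"])
        if len(reasons) >= min_reasons:
            autoruns[e["name"]] = reasons
    new_files = []
    for f in created:
        p = PureWindowsPath(f["path"])
        is_dir = "D" in f["attrs"]
        if not is_dir and p.suffix.lower() in EXEC_EXTS and "documents and settings" in str(p.parent).lower():
            new_files.append(f["path"])
    return {"autoruns": autoruns, "new_files": new_files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, reasons in result["autoruns"].items():
        print(f"[autorun] {name}: " + "; ".join(reasons))
    for path in result["new_files"]:
        print(f"[new file] {path}")
```

The two-reason threshold keeps legitimate oddities such as RTHDCPL.EXE (a Realtek component that also lives in the Windows root) out of the autorun hits while still catching the DLL dropped next to it; the files-created check deliberately includes .tmp names, because the four hex-named .tmp files and defender.exe above were created in the same second.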

Re: Malware Protection

Posted: 03 Jun 2011 06:31
by JaRon

Re: Malware Protection

Posted: 04 Jun 2011 02:00
by DoDoSlav123
sorry, but I have no idea how to use this program at all :-/

Re: Malware Protection

Posted: 04 Jun 2011 14:57
by JaRon
when you run it, after a few seconds it will say either "you are clean ,,,," or "TDL Rootkit Detected"
what did it say for you
:???:

Re: Malware Protection

Posted: 05 Jun 2011 01:48
by DoDoSlav123
I ran the detector and after scanning it found the malware but can't remove it.. it says it needs regrun warrior for the removal ... do you know where to download it for free? :-)

Re: Malware Protection

Posted: 05 Jun 2011 06:35
by vyosek
Hello and have a nice day :)

:arrow: Apologies to my colleague for stepping in :wink:

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow skipping by clicking Continue
  • After the scan completes, a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it doesn't, you will find it directly on the drive where you have Windows (usually c:\) in the form TDSSKiller.some digits_log.txt - paste its contents here
  • If no restart is required, click Close and then Report - a log will be created - paste its contents here

Re: Malware Protection

Posted: 06 Jun 2011 01:43
by DoDoSlav123
great :-) thanks a lot for the help, hopefully that nasty thing can be deleted :-)

2011/06/06 02:34:04.0578 0620 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/06 02:34:06.0578 0620 ================================================================================
2011/06/06 02:34:06.0578 0620 SystemInfo:
2011/06/06 02:34:06.0578 0620
2011/06/06 02:34:06.0578 0620 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/06 02:34:06.0578 0620 Product type: Workstation
2011/06/06 02:34:06.0578 0620 ComputerName: DENISA
2011/06/06 02:34:06.0578 0620 UserName: Administrator
2011/06/06 02:34:06.0578 0620 Windows directory: C:\WINDOWS
2011/06/06 02:34:06.0578 0620 System windows directory: C:\WINDOWS
2011/06/06 02:34:06.0578 0620 Processor architecture: Intel x86
2011/06/06 02:34:06.0578 0620 Number of processors: 2
2011/06/06 02:34:06.0578 0620 Page size: 0x1000
2011/06/06 02:34:06.0578 0620 Boot type: Safe boot with network
2011/06/06 02:34:06.0578 0620 ================================================================================
2011/06/06 02:34:08.0093 0620 Initialize success
2011/06/06 02:34:16.0906 3952 ================================================================================
2011/06/06 02:34:16.0906 3952 Scan started
2011/06/06 02:34:16.0906 3952 Mode: Manual;
2011/06/06 02:34:16.0906 3952 ================================================================================
2011/06/06 02:34:21.0000 3952 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/06 02:34:21.0328 3952 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/06 02:34:21.0875 3952 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/06/06 02:34:22.0265 3952 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/06/06 02:34:24.0406 3952 AR5416 (0297af4b89769159058b996c21218421) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/06/06 02:34:25.0593 3952 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/06 02:34:26.0031 3952 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/06 02:34:26.0656 3952 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/06 02:34:27.0062 3952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/06 02:34:27.0468 3952 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/06 02:34:28.0015 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/06 02:34:28.0578 3952 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys
2011/06/06 02:34:29.0281 3952 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/06/06 02:34:30.0015 3952 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/06/06 02:34:31.0000 3952 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/06/06 02:34:31.0359 3952 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/06/06 02:34:31.0812 3952 btwmodem (8bcd7bfe9c70a8ff7444263435b18aa1) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/06/06 02:34:32.0187 3952 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/06/06 02:34:32.0593 3952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/06 02:34:33.0125 3952 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/06 02:34:33.0750 3952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/06 02:34:34.0078 3952 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/06 02:34:34.0437 3952 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/06 02:34:35.0234 3952 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/06 02:34:35.0953 3952 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/06 02:34:37.0312 3952 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/06 02:34:37.0609 3952 DKbFltr (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/06/06 02:34:38.0343 3952 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/06 02:34:39.0078 3952 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/06 02:34:39.0375 3952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/06 02:34:39.0812 3952 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/06 02:34:40.0328 3952 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/06 02:34:40.0656 3952 eamon (59d9e5dbcfef1e0e3dbac1b55c718f2d) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/06/06 02:34:41.0093 3952 ehdrv (3bd67a869964bf57266cbbd1dca38c6a) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/06/06 02:34:41.0500 3952 epfwtdir (aa0af2830fc14ffd7e80611614ecac74) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/06/06 02:34:41.0953 3952 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/06 02:34:42.0281 3952 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/06 02:34:42.0593 3952 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/06 02:34:43.0078 3952 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/06 02:34:43.0468 3952 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/06 02:34:43.0953 3952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/06 02:34:44.0359 3952 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/06 02:34:44.0875 3952 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/06 02:34:45.0281 3952 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/06 02:34:46.0203 3952 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/06 02:34:47.0140 3952 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/06 02:34:48.0312 3952 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/06 02:34:49.0562 3952 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/06 02:34:52.0437 3952 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/06 02:34:55.0359 3952 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/06 02:34:57.0828 3952 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/06 02:35:00.0265 3952 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/06 02:35:00.0578 3952 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/06 02:35:01.0046 3952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/06 02:35:01.0375 3952 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/06 02:35:01.0812 3952 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/06 02:35:02.0109 3952 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/06 02:35:02.0421 3952 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/06 02:35:02.0843 3952 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/06 02:35:03.0156 3952 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/06 02:35:03.0531 3952 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/06 02:35:04.0000 3952 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/06 02:35:04.0703 3952 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/06 02:35:05.0031 3952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/06 02:35:05.0359 3952 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/06 02:35:05.0750 3952 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/06 02:35:06.0015 3952 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/06 02:35:06.0343 3952 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/06 02:35:07.0015 3952 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/06 02:35:07.0515 3952 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/06 02:35:07.0921 3952 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/06 02:35:08.0234 3952 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/06 02:35:08.0578 3952 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/06 02:35:08.0937 3952 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/06 02:35:09.0250 3952 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/06 02:35:09.0546 3952 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/06 02:35:09.0953 3952 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/06 02:35:10.0281 3952 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/06 02:35:10.0687 3952 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/06 02:35:11.0015 3952 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/06 02:35:11.0312 3952 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/06 02:35:11.0593 3952 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/06 02:35:12.0000 3952 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/06 02:35:12.0312 3952 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/06 02:35:12.0609 3952 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/06 02:35:13.0031 3952 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/06 02:35:13.0437 3952 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/06 02:35:14.0000 3952 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/06 02:35:14.0296 3952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/06 02:35:14.0593 3952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/06 02:35:14.0953 3952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/06 02:35:15.0296 3952 O2MDRDR (f1072a203fb1e246be62d736a5b88dfd) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/06/06 02:35:15.0625 3952 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/06/06 02:35:16.0000 3952 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/06 02:35:16.0390 3952 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
2011/06/06 02:35:16.0843 3952 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/06 02:35:17.0140 3952 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/06 02:35:17.0468 3952 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/06 02:35:18.0000 3952 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/06 02:35:18.0359 3952 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/06 02:35:20.0265 3952 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/06 02:35:20.0578 3952 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/06 02:35:20.0906 3952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/06 02:35:21.0265 3952 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/06 02:35:23.0046 3952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/06 02:35:23.0390 3952 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/06 02:35:23.0796 3952 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/06 02:35:24.0093 3952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/06 02:35:24.0484 3952 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/06 02:35:24.0828 3952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/06 02:35:25.0218 3952 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/06 02:35:25.0578 3952 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/06 02:35:26.0046 3952 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/06 02:35:26.0390 3952 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
2011/06/06 02:35:26.0859 3952 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/06 02:35:27.0203 3952 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/06 02:35:27.0578 3952 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/06 02:35:28.0031 3952 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/06 02:35:28.0921 3952 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/06 02:35:29.0265 3952 SMR162 (c095b3058efd44c9f635c28e64c9c0f1) C:\WINDOWS\system32\drivers\SMR162.SYS
2011/06/06 02:35:29.0984 3952 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/06 02:35:30.0718 3952 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/06 02:35:30.0718 3952 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/06 02:35:30.0750 3952 sptd - detected LockedFile.Multi.Generic (1)
2011/06/06 02:35:31.0265 3952 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/06 02:35:31.0921 3952 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/06 02:35:32.0375 3952 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/06 02:35:33.0156 3952 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/06 02:35:33.0843 3952 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/06 02:35:36.0312 3952 SynTP (0389b6b5ba4bd0ddf9e1744b6adc8c97) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/06 02:35:36.0656 3952 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/06 02:35:37.0406 3952 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/06 02:35:38.0078 3952 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/06 02:35:38.0484 3952 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/06 02:35:39.0281 3952 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/06 02:35:40.0250 3952 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/06 02:35:41.0234 3952 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/06 02:35:41.0781 3952 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/06/06 02:35:42.0312 3952 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/06 02:35:42.0937 3952 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/06/06 02:35:43.0359 3952 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/06 02:35:44.0359 3952 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/06 02:35:44.0796 3952 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/06/06 02:35:45.0187 3952 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/06 02:35:45.0546 3952 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/06 02:35:46.0031 3952 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/06 02:35:46.0406 3952 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/06 02:35:46.0984 3952 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/06 02:35:47.0890 3952 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/06 02:35:48.0359 3952 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/06 02:35:49.0531 3952 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/06 02:35:50.0453 3952 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/06 02:35:51.0343 3952 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/06 02:35:51.0953 3952 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/06/06 02:35:52.0406 3952 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/06 02:35:52.0546 3952 MBR (0x1B8) (fa3e224d531459ed6945202f74c7b075) \Device\Harddisk0\DR0
2011/06/06 02:35:52.0562 3952 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/06 02:35:52.0578 3952 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR4
2011/06/06 02:35:52.0609 3952 ================================================================================
2011/06/06 02:35:52.0609 3952 Scan finished
2011/06/06 02:35:52.0609 3952 ================================================================================
2011/06/06 02:35:52.0656 3696 Detected object count: 2
2011/06/06 02:35:52.0656 3696 Actual detected object count: 2
2011/06/06 02:36:01.0406 3696 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/06 02:36:01.0468 3696 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/06 02:36:01.0468 3696 \Device\Harddisk0\DR0 - ok
2011/06/06 02:36:01.0468 3696 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/06 02:36:06.0218 1480 Deinitialize success
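
An added example, not part of the thread and not Kaspersky's code: a Python triage helper for logs in the TDSSKiller format posted above. It reads the scanned-object lines, including the "MBR (0x1B8)" entries whose MD5 covers the 0x1B8 = 440 bytes of boot code that sit before the disk signature and partition table, pairs each "- detected" line with the "User select action" and "will be cured after reboot" lines that follow, and prints what is cured, what was skipped (here sptd.sys, whose NoAccess/LockedFile.Multi.Generic verdict is a locked-file finding rather than a malware verdict) and whether a reboot is still pending. The embedded sample is an excerpt of the log above; the regexes are written against that format only and are my assumption about its grammar, not a published specification.

```python
r"""Triage helper for Kaspersky TDSSKiller text logs.

Added example, not code from the thread or from Kaspersky. It parses the line
shapes visible in the log above: scanned objects ("<service> (<md5>) <path>",
and "MBR (0x1B8) (<md5>) \Device\HarddiskN\DRn", where the hash covers the
0x1B8 = 440 bytes of boot code before the disk signature), detections, and the
action the user chose, then reports what is cured, skipped or pending reboot.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm <pid> ".
_P = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
_OBJECT = re.compile(_P + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
_SUSPICIOUS = re.compile(_P + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: [0-9a-f]{32}$")
_DETECTED = re.compile(_P + r"(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
_REBOOT = re.compile(_P + r"(?P<obj>.+?) \((?P<verdict>\S+)\) - will be cured after reboot$")
_ACTION = re.compile(_P + r"(?P<verdict>\S+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    obj: str                      # service name or device path, as TDSSKiller prints it
    verdict: str
    action: Optional[str] = None  # Skip / Cure / Delete ... chosen by the user
    reboot_required: bool = False

    @property
    def is_rootkit(self) -> bool:
        return self.verdict.startswith("Rootkit.")


@dataclass
class ScanReport:
    objects: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, md5, path)
    suspicious: Dict[str, str] = field(default_factory=dict)           # path -> reason
    detections: List[Detection] = field(default_factory=list)

    def detection(self, obj: str, verdict: str) -> Detection:
        """Return the detection for (obj, verdict), creating it on first sight."""
        for d in self.detections:
            if d.obj == obj and d.verdict == verdict:
                return d
        self.detections.append(Detection(obj, verdict))
        return self.detections[-1]

    def lookup(self, obj: str) -> Optional[Tuple[str, str, str]]:
        return next((o for o in self.objects if obj in (o[0], o[2])), None)


def parse_tdsskiller(text: str) -> ScanReport:
    report = ScanReport()
    for line in text.splitlines():
        line = line.rstrip()
        if (m := _OBJECT.match(line)):
            report.objects.append((m["name"], m["md5"], m["path"]))
        elif (m := _SUSPICIOUS.match(line)):
            report.suspicious[m["path"]] = m["reason"]
        elif (m := _DETECTED.match(line)):
            report.detection(m["obj"], m["verdict"])
        elif (m := _REBOOT.match(line)):
            report.detection(m["obj"], m["verdict"]).reboot_required = True
        elif (m := _ACTION.match(line)):
            report.detection(m["obj"], m["verdict"]).action = m["action"]
    return report


def triage(report: ScanReport) -> List[str]:
    """One note per detection, in log order, saying what still needs doing."""
    notes = []
    for d in report.detections:
        o = report.lookup(d.obj)
        where = f"{o[2]} (md5 {o[1]})" if o else d.obj
        if d.action == "Cure":
            tail = "; pending reboot, re-scan afterwards" if d.reboot_required else ""
            notes.append(f"{d.verdict}: cure requested on {where}{tail}")
        else:
            notes.append(f"{d.verdict}: {d.action or 'no action'} on {where}; identify the driver before calling it malicious")
    return notes


# Constructed excerpt of the log posted above (most driver lines omitted).
SAMPLE_LOG = r"""
2011/06/06 02:34:28.0015 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/06 02:35:30.0718 3952 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/06 02:35:30.0718 3952 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/06 02:35:30.0750 3952 sptd - detected LockedFile.Multi.Generic (1)
2011/06/06 02:35:52.0546 3952 MBR (0x1B8) (fa3e224d531459ed6945202f74c7b075) \Device\Harddisk0\DR0
2011/06/06 02:35:52.0562 3952 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/06 02:35:52.0578 3952 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR4
2011/06/06 02:36:01.0406 3696 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/06 02:36:01.0468 3696 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/06 02:36:01.0468 3696 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    for note in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(note)
```

The two MBR entries share the name "MBR (0x1B8)", so lookups for a disk go by the \Device path; for drivers the service name is enough. A detection that ends in Skip is deliberately reported as unresolved rather than dropped, because a locked driver is exactly the kind of object a helper has to identify by hand.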

Re: Malware Protection

Posted: 06 Jun 2011 06:36
by JaRon
quote:
download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop and run it
- a log named mbr.log will be created; paste it here

Re: Malware Protection

Posted: 06 Jun 2011 14:00
by DoDoSlav123
:-)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Malware Protection

Posted: 06 Jun 2011 17:03
by vyosek
Just for my peace of mind, please also do this:

:arrow: Move mbr to the desktop

:arrow: Click Start, then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t -s
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here

Re: Malware Protection

Posted: 07 Jun 2011 00:20
by DoDoSlav123
thank you for your help :-))

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A6EC1F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8a6ec008; MOV EAX, 0xf74f5fee; CALL EAX; }
1 nt!IofCallDriver[0x804E19BC] -> \Device\Harddisk0\DR0[0x8A62EAB8]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E19BC] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A6DFD98]
\Driver\atapi[0x8A6E1E38] -> IRP_MJ_CREATE -> 0x8A6EC1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8a6ec1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !

Re: Malware Protection

Posted: 07 Jun 2011 05:36
by vyosek
one more request, please

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system from that page (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose Uninstall and restart the PC; if the button cannot be clicked (it is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC; if the button cannot be clicked (it is greyed out), skip this step
:arrow: Click Start, then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t -s
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here
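
An added example, not from the thread and not gmer's code: a Python parser for mbr.exe output, run over excerpts of the two logs posted above. In the second run the MBR itself verified ("user & kernel MBR OK"), but \Driver\atapi's IRP_MJ_CREATE dispatch points at 0x8A6EC1F8, the same address the "called modules" line could not attribute to any loaded driver (the >>UNKNOWN<< entry), and that is what produces the "possible MBR rootkit infection" warning. The parser keeps those three facts apart (MBR verdict, unattributed code, hook table), and compare() diffs the hook table between two runs, which is what the request above to uninstall SPTD, run Defogger and re-run mbr -t -s is for: a disk filter such as SPTD is a known cause of exactly this kind of atapi hook report, so it has to be out of the way before the warning can be trusted. The post-SPTD re-run is not on the page, so in the demo the clean first run stands in for it; the regexes are my reading of the log format, not a gmer specification.

```python
r"""Parser for gmer mbr.exe (Stealth MBR rootkit detector) logs.

Added example, not code from the thread or from gmer. From the runs posted above
it extracts the disk identification, the "called modules" chain of the disk
trace, every ">>UNKNOWN [addr]<<" entry (code mbr.exe could not map to a loaded
module), the per-IRP dispatch redirections, the "detected hooks" table and the
final MBR verdict, and it diffs the hook table between two runs.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

_DISK = re.compile(r"^Windows \S+ Disk: (?P<model>\S+) rev\.\S+ -> (?P<dev>\S+) -> \S+$")
_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
_DISPATCH = re.compile(r"^(?P<driver>\\Driver\\\S+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9A-Fa-f]+)$")
_HOOK = re.compile(r"^(?P<driver>\\Driver\\\S+) -> (?P<addr>0x[0-9A-Fa-f]+)$")


@dataclass
class MbrRun:
    model: str = ""
    device: str = ""
    called_modules: List[str] = field(default_factory=list)  # modules mbr.exe could attribute
    unknown_code: Set[str] = field(default_factory=set)      # addresses outside any loaded module
    dispatch: Dict[str, str] = field(default_factory=dict)   # "\Driver\x IRP_MJ_y" -> target address
    hooks: Dict[str, str] = field(default_factory=dict)      # driver -> hook address
    mbr_ok: bool = False
    warning: Optional[str] = None

    @property
    def disk_stack_hooked(self) -> bool:
        return bool(self.hooks or self.unknown_code)


def parse_mbr_log(text: str) -> MbrRun:
    run, section = MbrRun(), None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _DISK.match(line)):
            run.model, run.device = m["model"], m["dev"]
        elif line.startswith("called modules:"):
            rest = line.split(":", 1)[1]
            run.unknown_code.update(a.lower() for a in _UNKNOWN.findall(rest))
            run.called_modules = _UNKNOWN.sub(" ", rest).split()
        elif (m := _DISPATCH.match(line)):
            run.dispatch[f"{m['driver']} {m['irp']}"] = m["addr"].lower()
        elif line in ("detected disk devices:", "detected hooks:"):
            section = line
        elif section == "detected hooks:" and (m := _HOOK.match(line)):
            run.hooks[m["driver"]] = m["addr"].lower()
        elif line == "user & kernel MBR OK":
            run.mbr_ok, section = True, None
        elif line.startswith("Warning:"):
            run.warning = line
    return run


def verdict(run: MbrRun) -> str:
    if not run.mbr_ok:
        return "MBR not verified; read it from a clean boot medium instead"
    if run.disk_stack_hooked:
        targets = ", ".join(sorted(set(run.hooks.values()) | run.unknown_code))
        return (f"MBR clean, but disk I/O is redirected into unattributed code at {targets}; "
                "remove known disk filters (SPTD and similar) and re-run before calling it a rootkit")
    return "MBR clean, disk stack unhooked"


def compare(before: MbrRun, after: MbrRun) -> Dict[str, List[str]]:
    """Hooks that appeared, persisted or vanished between two runs."""
    b, a = set(before.hooks.items()), set(after.hooks.items())
    fmt = lambda pairs: sorted(f"{drv} -> {addr}" for drv, addr in pairs)
    return {"new": fmt(a - b), "persisting": fmt(a & b), "gone": fmt(b - a)}


# Constructed excerpts of the two mbr.exe runs posted above (header and _asm lines omitted).
CLEAN_RUN = r"""
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""
HOOKED_RUN = r"""
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A6EC1F8]<<
\Driver\atapi[0x8A6E1E38] -> IRP_MJ_CREATE -> 0x8A6EC1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8a6ec1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""

if __name__ == "__main__":
    print(verdict(parse_mbr_log(HOOKED_RUN)))
    print(compare(parse_mbr_log(HOOKED_RUN), parse_mbr_log(CLEAN_RUN)))
```

Addresses are lower-cased on the way in because mbr.exe prints the hook table in lower case and the dispatch trace in upper case; without that normalisation the hook and the UNKNOWN entry would not be recognised as the same code. A hook that is still in "persisting" after SPTD and the emulation drivers are gone is the one worth treating as hostile.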