Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Zpráva

MaVolt · #1 Příspěvek od **MaVolt** » 12 zář 2011 20:20

Dobrý den všem,

antivir NOD32 mi hlásí Win32/agent.sdg.gen v 0. a 1.MBR sektoru disku.
Mám dva fyzické disky (C: a D:) a při kontrole bootsektoru se mi vir hlásí na obou discích.
První disk (C:) není problém zformátovat, ale na druhém mám data, o která nechci přijít.
Je nějaké řešení i bez vymazání dat?

Děkuji moc za ochotu.

#2 Příspěvek od **Rudy** » 12 zář 2011 20:43

Zdravím vás!
Nejprve dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

MaVolt · #3 Příspěvek od **MaVolt** » 12 zář 2011 20:46

Zde je:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marek at 2011-09-12 21:45:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 75 GB (65%) free of 114 GB
Total RAM: 1983 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:36, on 12.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Marek\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Qoobox\Quarantine\C\Program Files\ESET\MiNODLogin\MiNODLogin.exe.vir
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {377B5106-3B4E-4A2D-8520-8767590CAC86} (SVG Document) - http://download.adobe.com/pub/adobe/mag ... VGView.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7719 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HPpromotions journeysoftware.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\48o7ee95.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.1.2, {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.DEU
nppdf32.FRA

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\48o7ee95.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{AA994882-F391-4d2e-806F-8908DA4814ED}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-08-16 799472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-06-25 17887232]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Aktualizovat ESET licenci.lnk - C:\Qoobox\Quarantine\C\Program Files\ESET\MiNODLogin\MiNODLogin.exe.vir

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Google\Google SketchUp 6\SketchUp.exe"="C:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"$INSTDIR\FlvDetector.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.yv12"=DivX.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FPS1"=frapsvid.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.DIVX"=DivX.dll

======List of files/folders created in the last 1 month======

2011-09-12 21:45:27 ----D---- C:\rsit
2011-09-12 21:45:27 ----D---- C:\Program Files\trend micro
2011-09-12 21:04:19 ----A---- C:\MBRWiz.exe
2011-09-12 20:43:00 ----SHD---- C:\RECYCLER
2011-09-12 20:27:08 ----A---- C:\ComboFix.txt
2011-09-12 20:15:23 ----A---- C:\Boot.bak
2011-09-12 20:15:19 ----RASHD---- C:\cmdcons
2011-09-12 20:11:04 ----A---- C:\WINDOWS\zip.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\SWSC.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\SWREG.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\sed.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\PEV.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\NIRCMD.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\MBR.exe
2011-09-12 20:11:04 ----A---- C:\WINDOWS\grep.exe
2011-09-12 20:10:56 ----D---- C:\WINDOWS\ERDNT
2011-09-12 20:10:55 ----D---- C:\ComboFix
2011-09-12 20:10:25 ----D---- C:\Qoobox
2011-09-12 20:10:15 ----D---- C:\32788R22FWJFW
2011-09-12 14:22:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-09-12 14:21:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-09-12 14:21:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-09-10 15:58:27 ----D---- C:\Program Files\Ultimate Process Manager
2011-09-09 17:50:43 ----D---- C:\Program Files\Trojan Remover
2011-09-09 17:50:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-09-09 11:04:08 ----D---- C:\Program Files\CPUID
2011-09-09 11:04:08 ----A---- C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2011-09-06 20:47:20 ----D---- C:\Program Files\SIW
2011-09-06 15:13:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERSetup
2011-09-06 14:28:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\STOPzilla!
2011-09-06 13:37:02 ----D---- C:\Documents and Settings\Marek\Data aplikací\PCTools
2011-09-06 13:06:08 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2011-09-06 13:05:43 ----D---- C:\Program Files\PC Tools Security
2011-09-06 12:09:32 ----D---- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
2011-09-06 12:09:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-09-06 11:55:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-08-23 11:41:14 ----D---- C:\Program Files\MikiSoft
2011-08-23 11:28:47 ----D---- C:\Program Files\Tabulky
2011-08-20 15:12:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2011-08-20 15:12:00 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
2011-08-20 15:11:40 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-08-20 15:11:39 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-08-20 15:10:57 ----D---- C:\Documents and Settings\Marek\Data aplikací\Nokia
2011-08-20 15:10:28 ----D---- C:\Program Files\Common Files\PCSuite
2011-08-20 15:10:25 ----D---- C:\Program Files\Common Files\Nokia
2011-08-20 15:10:09 ----D---- C:\Program Files\PC Connectivity Solution
2011-08-20 15:09:51 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2011-08-20 15:09:50 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2011-08-20 15:09:48 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011-08-20 15:09:45 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2011-08-20 15:09:45 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2011-08-20 15:09:45 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2011-08-20 15:09:45 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2011-08-20 15:09:43 ----D---- C:\Program Files\Nokia
2011-08-20 15:09:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2011-08-13 10:17:13 ----D---- C:\Program Files\Common Files\Lingea Shared

======List of files/folders modified in the last 1 month======

2011-09-12 21:45:35 ----D---- C:\WINDOWS\Prefetch
2011-09-12 21:45:30 ----D---- C:\WINDOWS\Temp
2011-09-12 21:45:27 ----RD---- C:\Program Files
2011-09-12 21:15:46 ----D---- C:\Documents and Settings\Marek\Data aplikací\GetRightToGo
2011-09-12 20:49:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-12 20:25:17 ----D---- C:\WINDOWS
2011-09-12 20:25:17 ----A---- C:\WINDOWS\system.ini
2011-09-12 20:25:09 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-12 20:24:25 ----D---- C:\Program Files\ESET
2011-09-12 20:24:24 ----D---- C:\WINDOWS\system32
2011-09-12 20:24:22 ----D---- C:\WINDOWS\ehome
2011-09-12 20:22:40 ----D---- C:\WINDOWS\system32\drivers
2011-09-12 20:22:40 ----D---- C:\WINDOWS\AppPatch
2011-09-12 20:22:36 ----D---- C:\Program Files\Common Files
2011-09-12 20:19:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-12 20:15:23 ----RASH---- C:\boot.ini
2011-09-12 20:11:03 ----SHD---- C:\System Volume Information
2011-09-12 20:11:03 ----D---- C:\WINDOWS\system32\Restore
2011-09-12 19:52:07 ----D---- C:\Documents and Settings\Marek\Data aplikací\vlc
2011-09-12 18:43:35 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2011-09-12 16:08:20 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2011-09-12 14:31:34 ----SD---- C:\WINDOWS\Tasks
2011-09-09 18:15:02 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-09-09 14:24:29 ----D---- C:\Documents and Settings\Marek\Data aplikací\dvdcss
2011-09-08 14:22:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-08 14:21:20 ----HD---- C:\WINDOWS\inf
2011-09-07 10:08:12 ----D---- C:\Program Files\PokerStars
2011-09-07 07:46:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-07 07:45:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-06 14:47:03 ----SHD---- C:\WINDOWS\Installer
2011-09-06 14:47:03 ----D---- C:\Config.Msi
2011-09-06 14:45:43 ----D---- C:\WINDOWS\Minidump
2011-09-06 14:10:46 ----D---- C:\Program Files\CCleaner
2011-09-06 13:05:51 ----D---- C:\WINDOWS\WinSxS
2011-09-03 12:17:22 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-08-23 18:12:54 ----A---- C:\WINDOWS\disney.ini
2011-08-23 09:42:01 ----A---- C:\WINDOWS\winamp.ini
2011-08-20 15:12:15 ----D---- C:\Documents and Settings\Marek\Data aplikací\PC Suite
2011-08-20 15:12:12 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-08-20 15:12:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-08-20 15:10:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-19 17:26:30 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2011-08-19 17:26:30 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2011-08-19 17:26:30 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2011-08-16 14:15:01 ----D---- C:\Documents and Settings\Marek\Data aplikací\Thinstall
2011-08-13 10:16:34 ----D---- C:\Program Files\Lingea

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2005-01-26 20576]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-12 436792]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 LUMDriver;LUMDriver; \??\C:\WINDOWS\system32\drivers\LUMDriver.sys []
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-25 5095936]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-28 47360]
S0 is3srv;is3srv; C:\WINDOWS\system32\drivers\is3srv.sys []
S0 szkg5;szkg5; C:\WINDOWS\system32\DRIVERS\szkg.sys []
S0 szkgfs;szkgfs; C:\WINDOWS\system32\drivers\szkgfs.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 ab9vu2cv;ab9vu2cv; C:\WINDOWS\system32\drivers\ab9vu2cv.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-06-25 1684736]
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-06-25 1389056]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pfsvgae;pfsvgae; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\pfsvgae.sys []
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-18 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-04 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Příspěvek od **Rudy** » 12 zář 2011 20:52

Nepochlubil jste se, že jste dělal sken ComboFix. Dejte z něj log, najdete ho v C:\combofix.txt. Používání CF laiky, není zrovna bezpečná činnost.

MaVolt · #5 Příspěvek od **MaVolt** » 12 zář 2011 20:56

Rudy píše:Nepochlubil jste se, že jste dělal sken ComboFix. Dejte z něj log, najdete ho v C:\combofix.txt. Používání CF laiky, není zrovna bezpečná činnost.

Zkoušel jsem laicky pár věcí, Combofix dokonce dnes, ale nic z toho nepomohlo

Zde je Combofix log:

ComboFix 11-09-12.02 - Marek 12.09.2011 20:20:03.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1983.1172 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marek\Recent\Mind Reading Secrets Revealed Mind - Ultimate mind reading tricks & mentalism secrets revealed. Perform mind reading tricks like Derren Brown, Criss Angel &.url
c:\documents and settings\Marek\Recent\Silvestr.comicdoc.pif
c:\documents and settings\Marek\WINDOWS
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\[thread 728 also had an error]
c:\program files\ESET\MiNODLogin\MiNODLogin.exe
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files\ESET\MiNODLogin\servidores.xml
c:\windows\ehome\medctrro.exe
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\BReWErS.dll
c:\windows\system32\TZLog.log
c:\windows\system32\UNWISE.EXE
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-12 do 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 18:10 . 2011-09-12 18:10 -------- d-----w- C:\32788R22FWJFW
2011-09-12 12:22 . 2011-09-12 12:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-09-12 12:21 . 2011-09-12 12:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-09-12 12:21 . 2011-09-12 12:21 -------- d-----w- c:\program files\NortonInstaller
2011-09-10 13:58 . 2011-09-10 13:58 -------- d-----w- c:\program files\Ultimate Process Manager
2011-09-09 15:50 . 2011-09-09 16:15 -------- d-----w- c:\program files\Trojan Remover
2011-09-09 15:50 . 2011-09-09 15:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-09-09 09:04 . 2011-09-09 09:04 -------- d-----w- c:\program files\CPUID
2011-09-09 09:04 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-09-06 18:47 . 2011-09-06 18:47 -------- d-----w- c:\program files\SIW
2011-09-06 13:13 . 2011-09-06 13:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERSetup
2011-09-06 12:28 . 2011-09-06 12:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\STOPzilla!
2011-09-06 11:37 . 2011-09-06 11:37 -------- d-----w- c:\documents and settings\Marek\Data aplikací\PCTools
2011-09-06 11:05 . 2011-09-06 13:42 -------- d-----w- c:\program files\PC Tools Security
2011-09-06 10:09 . 2011-09-06 10:09 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Malwarebytes
2011-09-06 10:09 . 2011-09-06 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-09-06 09:55 . 2011-09-06 13:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-09-05 17:08 . 2011-09-05 17:08 -------- d-----w- c:\documents and settings\Marek\Local Settings\Data aplikací\Unity
2011-09-03 10:17 . 2011-09-03 10:17 602112 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-23 09:41 . 2011-08-23 09:41 -------- d-----w- c:\program files\MikiSoft
2011-08-23 09:28 . 2011-08-23 09:29 -------- d-----w- c:\program files\Tabulky
2011-08-20 13:12 . 2008-04-13 22:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-08-20 13:12 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-08-20 13:11 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Nokia
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-20 13:09 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-20 13:09 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-20 13:09 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-20 13:09 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-08-20 13:09 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-08-20 13:09 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-20 13:09 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-08-20 13:09 . 2011-08-20 13:10 -------- d-----w- c:\program files\Nokia
2011-08-20 13:09 . 2011-08-20 13:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-19 15:26 . 2009-10-01 15:06 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-08-19 15:26 . 2009-10-01 15:06 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-08-19 15:26 . 2009-10-01 15:06 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-08-15 19:11 . 2011-05-15 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-09-05 16:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 13:27 . 2011-04-06 10:20 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-07-08 07:29 . 2011-07-30 11:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35 799472 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24654:UDP"= 24654:UDP:Enfocus Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.9.2009 0:53 436792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24.4.2007 17:52 16688]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [9.9.2011 11:04 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.9.2009 19:04 1684736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.12.2009 20:44 36608]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\Marek\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Marek\LOCALS~1\Temp\pfsvgae.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24.12.2009 20:44 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24.12.2009 20:44 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24.12.2009 20:44 121856]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 20866635
*NewlyCreated* - EECTRL
*Deregistered* - 20866635
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-12 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 213.46.172.36 192.168.1.254
DPF: {377B5106-3B4E-4A2D-8520-8767590CAC86} - hxxp://download.adobe.com/pub/adobe/magic/svgviewer/win/3.x/3.03/en/SVGView.exe
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\48o7ee95.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Donald Duck - c:\windows\IsUn0405.exe
AddRemove-HASP HL Device Driver - c:\windows\system32\UNWISE.EXE
AddRemove-MiNODLogin - c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
AddRemove-{86604C06-DA30-425E-AECE-47304FE81C45} - c:\documents and settings\All Users\Data aplikací\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F070B20-58BE-2FF7-0087-B673F531FFE0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iamdmfejibbhpldhbp"=hex:69,61,69,6a,6c,6c,64,63,68,61,66,63,66,6d,6d,63,6b,68,
00,ff
"hacechkkppcolhkl"=hex:69,61,69,6a,6c,6c,64,63,68,61,66,63,66,6d,6d,63,6b,68,
00,ff
"hankcnkohcmojohf"=hex:61,63,63,69,6b,61,6f,69,6b,67,6d,67,6b,66,65,6e,6b,61,
61,69,6e,6d,70,67,63,6c,6b,62,6a,66,63,6d,68,6a,64,6a,63,68,6f,66,6b,6f,61,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5F070B20-58BE-2FF7-0087-B673F531FFE0}\InProcServer32*]
"jageljhejhgbdejflomk"=hex:69,61,69,6a,6c,6c,64,63,68,61,66,63,66,6d,6d,63,6b,
68,00,00
"iagebknffihhlnahlp"=hex:69,61,69,6a,6c,6c,64,63,68,61,66,63,66,6d,6d,63,6b,68,
00,ff
.
Celkový čas: 2011-09-12 20:27:07
ComboFix-quarantined-files.txt 2011-09-12 18:26
.
Před spuštěním: Volných bajtů: 77 283 233 792
Po spuštění: Volných bajtů: 77 667 319 808
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F3BB02FDC95E8F1AAFB6B637CDC944C9

#6 Příspěvek od **Rudy** » 12 zář 2011 21:43

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\docume~1\Marek\LOCALS~1\Temp\pfsvgae.sys

Driver::
pfsvgae
20866635

Regnull::
[HKEY_USERS\S-1-5-21-507921405-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F070B20-58BE-2FF7-0087-B673F531FFE0}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5F070B20-58BE-2FF7-0087-B673F531FFE0}\InProcServer32*]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

MaVolt · #7 Příspěvek od **MaVolt** » 12 zář 2011 22:03

Provedl jsem, jak jste napsal. Spustil jsem pak NOD a hláška je tam bohužel i nadále.

Tohle je Log:
----------------------------------------------
ComboFix 11-09-12.03 - Marek 12.09.2011 22:47:57.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1983.1317 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_20866635
-------\Legacy_PFSVGAE
-------\Service_pfsvgae
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-12 do 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 19:45 . 2011-09-12 19:52 -------- d-----w- c:\program files\trend micro
2011-09-12 19:45 . 2011-09-12 19:45 -------- d-----w- C:\rsit
2011-09-12 12:22 . 2011-09-12 12:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-09-12 12:21 . 2011-09-12 12:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-09-10 13:58 . 2011-09-10 13:58 -------- d-----w- c:\program files\Ultimate Process Manager
2011-09-09 15:50 . 2011-09-09 16:15 -------- d-----w- c:\program files\Trojan Remover
2011-09-09 15:50 . 2011-09-09 15:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-09-09 09:04 . 2011-09-09 09:04 -------- d-----w- c:\program files\CPUID
2011-09-09 09:04 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-09-06 18:47 . 2011-09-06 18:47 -------- d-----w- c:\program files\SIW
2011-09-06 13:13 . 2011-09-06 13:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERSetup
2011-09-06 12:28 . 2011-09-06 12:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\STOPzilla!
2011-09-06 11:37 . 2011-09-06 11:37 -------- d-----w- c:\documents and settings\Marek\Data aplikací\PCTools
2011-09-06 11:05 . 2011-09-06 13:42 -------- d-----w- c:\program files\PC Tools Security
2011-09-06 10:09 . 2011-09-06 10:09 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Malwarebytes
2011-09-06 10:09 . 2011-09-06 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-09-06 09:55 . 2011-09-06 13:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-09-05 17:08 . 2011-09-05 17:08 -------- d-----w- c:\documents and settings\Marek\Local Settings\Data aplikací\Unity
2011-09-03 10:17 . 2011-09-03 10:17 602112 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-23 09:41 . 2011-08-23 09:41 -------- d-----w- c:\program files\MikiSoft
2011-08-23 09:28 . 2011-08-23 09:29 -------- d-----w- c:\program files\Tabulky
2011-08-20 13:12 . 2008-04-13 22:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-08-20 13:12 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-08-20 13:11 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Nokia
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-20 13:10 . 2011-08-20 13:10 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-20 13:09 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-20 13:09 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-20 13:09 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-20 13:09 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-08-20 13:09 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-08-20 13:09 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-20 13:09 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-08-20 13:09 . 2011-08-20 13:10 -------- d-----w- c:\program files\Nokia
2011-08-20 13:09 . 2011-08-20 13:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-19 15:26 . 2009-10-01 15:06 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-08-19 15:26 . 2009-10-01 15:06 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-08-19 15:26 . 2009-10-01 15:06 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-08-15 19:11 . 2011-05-15 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-09-05 16:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 13:27 . 2011-04-06 10:20 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-07-08 07:29 . 2011-07-30 11:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-12_18.25.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-12 20:56 . 2011-09-12 20:56 16384 c:\windows\Temp\Perflib_Perfdata_6c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35 799472 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Aktualizovat ESET licenci.lnk - c:\qoobox\Quarantine\C\Program Files\ESET\MiNODLogin\MiNODLogin.exe.vir [2011-7-18 125952]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24654:UDP"= 24654:UDP:Enfocus Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.9.2009 0:53 436792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24.4.2007 17:52 16688]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [9.9.2011 11:04 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.9.2009 19:04 1684736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.12.2009 20:44 36608]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24.12.2009 20:44 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24.12.2009 20:44 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24.12.2009 20:44 121856]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-12 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 213.46.172.36 192.168.1.254
DPF: {377B5106-3B4E-4A2D-8520-8767590CAC86} - hxxp://download.adobe.com/pub/adobe/magic/svgviewer/win/3.x/3.03/en/SVGView.exe
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\48o7ee95.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2011-09-12 23:00:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-12 21:00
ComboFix2.txt 2011-09-12 18:27
.
Před spuštěním: Volných bajtů: 78 154 256 384
Po spuštění: Volných bajtů: 78 016 573 440
.
- - End Of File - - 0045D0A0948F79CAF9C9C8912251083E

MaVolt · #8 Příspěvek od **MaVolt** » 13 zář 2011 17:06

Je prosím ještě nějaká naděje na zlikvidování viru nebo mě čeká likvidace dat?

#9 Příspěvek od **Rudy** » 13 zář 2011 17:28

Zkusíme ještě TDSSKiller: http://www.softpedia.com/get/Antivirus/TDSSKiller.shtml . Postupujte podle kolegova návodu:

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

MaVolt · #10 Příspěvek od **MaVolt** » 13 zář 2011 17:53

Provedl jsem, restart nevyžadován. Zde je log:

2011/09/13 18:51:38.0383 3324 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/13 18:51:38.0679 3324 ================================================================================
2011/09/13 18:51:38.0679 3324 SystemInfo:
2011/09/13 18:51:38.0679 3324
2011/09/13 18:51:38.0679 3324 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/13 18:51:38.0679 3324 Product type: Workstation
2011/09/13 18:51:38.0679 3324 ComputerName: MAREK-A3C30D064
2011/09/13 18:51:38.0679 3324 UserName: Marek
2011/09/13 18:51:38.0679 3324 Windows directory: C:\WINDOWS
2011/09/13 18:51:38.0679 3324 System windows directory: C:\WINDOWS
2011/09/13 18:51:38.0679 3324 Processor architecture: Intel x86
2011/09/13 18:51:38.0679 3324 Number of processors: 2
2011/09/13 18:51:38.0679 3324 Page size: 0x1000
2011/09/13 18:51:38.0679 3324 Boot type: Normal boot
2011/09/13 18:51:38.0679 3324 ================================================================================
2011/09/13 18:51:39.0851 3324 Initialize success
2011/09/13 18:51:42.0944 2144 ================================================================================
2011/09/13 18:51:42.0944 2144 Scan started
2011/09/13 18:51:42.0944 2144 Mode: Manual;
2011/09/13 18:51:42.0944 2144 ================================================================================
2011/09/13 18:51:44.0241 2144 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/13 18:51:44.0288 2144 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/13 18:51:44.0381 2144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/13 18:51:44.0444 2144 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/13 18:51:44.0616 2144 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/13 18:51:44.0678 2144 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2011/09/13 18:51:44.0819 2144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/13 18:51:44.0881 2144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/13 18:51:45.0131 2144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/13 18:51:45.0272 2144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/13 18:51:45.0334 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/13 18:51:45.0412 2144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/13 18:51:45.0475 2144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/13 18:51:45.0522 2144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/13 18:51:45.0569 2144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/13 18:51:45.0709 2144 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2011/09/13 18:51:45.0803 2144 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
2011/09/13 18:51:45.0881 2144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/13 18:51:45.0928 2144 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/13 18:51:46.0006 2144 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/13 18:51:46.0053 2144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/13 18:51:46.0100 2144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/13 18:51:46.0147 2144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/13 18:51:46.0193 2144 eamon (e31464ce787e3a0ffea55baa591897f0) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/09/13 18:51:46.0240 2144 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/09/13 18:51:46.0303 2144 epfwtdir (4699a50183b792d994be657c68f18e9e) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/09/13 18:51:46.0396 2144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/13 18:51:46.0475 2144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/13 18:51:46.0506 2144 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/13 18:51:46.0568 2144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/13 18:51:46.0631 2144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/13 18:51:46.0678 2144 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/09/13 18:51:46.0740 2144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/13 18:51:46.0771 2144 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/13 18:51:46.0834 2144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/13 18:51:46.0912 2144 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
2011/09/13 18:51:47.0006 2144 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/13 18:51:47.0084 2144 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/13 18:51:47.0178 2144 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/13 18:51:47.0240 2144 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/13 18:51:47.0271 2144 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/13 18:51:47.0334 2144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/13 18:51:47.0459 2144 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/13 18:51:47.0584 2144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/13 18:51:47.0818 2144 IntcAzAudAddService (512cc914475348d774d1bb9f866396a5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/13 18:51:47.0912 2144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/13 18:51:47.0959 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/13 18:51:48.0005 2144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/13 18:51:48.0068 2144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/13 18:51:48.0146 2144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/13 18:51:48.0193 2144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/13 18:51:48.0271 2144 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/13 18:51:48.0318 2144 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/13 18:51:48.0365 2144 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/13 18:51:48.0427 2144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/13 18:51:48.0474 2144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/13 18:51:48.0552 2144 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\WINDOWS\system32\drivers\LUMDriver.sys
2011/09/13 18:51:48.0646 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/13 18:51:48.0708 2144 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/13 18:51:48.0802 2144 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/13 18:51:48.0865 2144 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/13 18:51:48.0912 2144 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/13 18:51:48.0943 2144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/13 18:51:48.0974 2144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/13 18:51:49.0037 2144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/13 18:51:49.0068 2144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/13 18:51:49.0115 2144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/13 18:51:49.0146 2144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/13 18:51:49.0193 2144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/13 18:51:49.0255 2144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/13 18:51:49.0302 2144 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/13 18:51:49.0349 2144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/13 18:51:49.0396 2144 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/13 18:51:49.0474 2144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/13 18:51:49.0552 2144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/13 18:51:49.0661 2144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/13 18:51:49.0724 2144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/13 18:51:49.0802 2144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/13 18:51:49.0880 2144 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/09/13 18:51:49.0927 2144 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/09/13 18:51:49.0943 2144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/13 18:51:49.0989 2144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/13 18:51:50.0036 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/13 18:51:50.0333 2144 nv (4f15e1e56703f59c0ac00022162e5308) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/13 18:51:50.0474 2144 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/09/13 18:51:50.0521 2144 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/09/13 18:51:50.0599 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/13 18:51:50.0630 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/13 18:51:50.0677 2144 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/13 18:51:50.0739 2144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/13 18:51:50.0802 2144 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/13 18:51:50.0864 2144 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/09/13 18:51:50.0896 2144 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/13 18:51:50.0927 2144 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/13 18:51:50.0974 2144 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/13 18:51:51.0067 2144 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/09/13 18:51:51.0239 2144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/13 18:51:51.0286 2144 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/13 18:51:51.0333 2144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/13 18:51:51.0380 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/13 18:51:51.0427 2144 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/09/13 18:51:51.0552 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/13 18:51:51.0583 2144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/13 18:51:51.0630 2144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/13 18:51:51.0661 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/13 18:51:51.0739 2144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/13 18:51:51.0817 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/13 18:51:51.0864 2144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/13 18:51:51.0942 2144 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/13 18:51:52.0005 2144 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/13 18:51:52.0098 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/13 18:51:52.0145 2144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/13 18:51:52.0176 2144 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/13 18:51:52.0270 2144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/13 18:51:52.0380 2144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/13 18:51:52.0458 2144 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/13 18:51:52.0536 2144 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/09/13 18:51:52.0536 2144 sptd - detected LockedFile.Multi.Generic (1)
2011/09/13 18:51:52.0598 2144 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/13 18:51:52.0676 2144 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/13 18:51:52.0754 2144 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2011/09/13 18:51:52.0801 2144 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2011/09/13 18:51:52.0864 2144 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2011/09/13 18:51:52.0989 2144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/13 18:51:53.0067 2144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/13 18:51:53.0239 2144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/13 18:51:53.0332 2144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/13 18:51:53.0395 2144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/13 18:51:53.0473 2144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/13 18:51:53.0536 2144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/13 18:51:53.0676 2144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/13 18:51:53.0754 2144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/13 18:51:53.0832 2144 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/09/13 18:51:53.0864 2144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/13 18:51:53.0911 2144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/13 18:51:53.0973 2144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/13 18:51:54.0035 2144 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/13 18:51:54.0067 2144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/13 18:51:54.0098 2144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/13 18:51:54.0160 2144 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/09/13 18:51:54.0192 2144 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/09/13 18:51:54.0239 2144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/13 18:51:54.0285 2144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/13 18:51:54.0348 2144 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/13 18:51:54.0395 2144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/13 18:51:54.0473 2144 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/09/13 18:51:54.0551 2144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/13 18:51:54.0645 2144 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/13 18:51:54.0692 2144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/13 18:51:54.0770 2144 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/13 18:51:54.0801 2144 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/13 18:51:54.0848 2144 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/13 18:51:55.0020 2144 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk1\DR1
2011/09/13 18:51:55.0129 2144 Boot (0x1200) (5141133a87d35f1d1286b62bcbece1cb) \Device\Harddisk0\DR0\Partition0
2011/09/13 18:51:55.0145 2144 Boot (0x1200) (4a5aee0122ee62d914169a7890cd9ec4) \Device\Harddisk1\DR1\Partition0
2011/09/13 18:51:55.0145 2144 ================================================================================
2011/09/13 18:51:55.0145 2144 Scan finished
2011/09/13 18:51:55.0145 2144 ================================================================================
2011/09/13 18:51:55.0145 2276 Detected object count: 1
2011/09/13 18:51:55.0145 2276 Actual detected object count: 1
2011/09/13 18:51:58.0941 2276 LockedFile.Multi.Generic(sptd) - User select action: Skip

-- Konec logu --

MaVolt · #11 Příspěvek od **MaVolt** » 13 zář 2011 19:11

Naughty píše:zdravím pánové,
já se vetřu, je možnost opravit nultý sektor i datového disku, kde není OS. Jednalo by se o opravu přes HxD z bootCd, kde by se opravilo prvních 440 bytů za null data. Muselo by se opravovat precizně. Ztráta dat hrozí vždy, ono přeci jen se zasahuje do "struktury" disku. Bylo by dobré ověřit i skutečnost, zdali si av nevymýšlí.
edit: omlouvám se za vstup

Žádné vtírání nebo omlouvání, každá pomoc nebo rada je vítaná a vážím si času každého, kdo se mi snaží pomoci. Akorát že vaše rada je pro mě trochu složitá

Ale zaujala mě věta "...ověřit i skutečnost, zdali si av nevymýšlí." - jak bych si mohl ověřit, zda si nevymýšlí?

Ještě jednou díky všem za ochotu pomoci.

MaVolt · #12 Příspěvek od **MaVolt** » 13 zář 2011 19:59

Díky za detailní postup: provedeno, snad správně. Musel jsem si to ale rozděli na fáze

FÁZE 1: Stažení a spuštění OTL s vlastním skenováním

OTL logfile created on: 13.9.2011 20:37:03 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,94 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 62,22% Memory free
3,25 Gb Paging File | 2,75 Gb Available in Paging File | 84,66% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 72,37 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 36,74 Gb Free Space | 15,77% Space Free | Partition Type: NTFS

Computer Name: MAREK-A3C30D064 | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Custom Scans ==========

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.13 20:37:03 | 000,000,512 | ---- | M] () MD5=C3F4332DFEA7E39B031B70560AFB446A -- C:\PhysicalMBR.bin

< End of report >
**********************************************************************
FÁZE 2: Online test souboru PhysicalMBR.bin

Odkaz na kontrolu souboru PhysicalMBR.bin:
http://www.virustotal.com/file-scan/rep ... 1315938883

Zkopírovaný výpis z obrazovky:
Antivirus Version Last Update Result
AhnLab-V3 2011.09.13.00 2011.09.13 -
AntiVir 7.11.14.189 2011.09.13 -
Antiy-AVL 2.0.3.7 2011.09.13 -
Avast 4.8.1351.0 2011.09.13 -
Avast5 5.0.677.0 2011.09.13 -
AVG 10.0.0.1190 2011.09.13 -
BitDefender 7.2 2011.09.13 -
ByteHero 1.0.0.1 2011.09.13 -
CAT-QuickHeal 11.00 2011.09.13 -
ClamAV 0.97.0.0 2011.09.13 -
Commtouch 5.3.2.6 2011.09.13 -
Comodo 10098 2011.09.13 -
DrWeb 5.0.2.03300 2011.09.13 -
Emsisoft 5.1.0.11 2011.09.13 -
eSafe 7.0.17.0 2011.09.13 -
eTrust-Vet 36.1.8556 2011.09.13 -
F-Prot 4.6.2.117 2011.09.13 -
F-Secure 9.0.16440.0 2011.09.13 -
Fortinet 4.3.370.0 2011.09.11 -
GData 22 2011.09.13 -
Ikarus T3.1.1.107.0 2011.09.13 -
Jiangmin 13.0.900 2011.09.13 -
K7AntiVirus 9.112.5128 2011.09.13 -
Kaspersky 9.0.0.837 2011.09.13 -
McAfee 5.400.0.1158 2011.09.13 -
McAfee-GW-Edition 2010.1D 2011.09.13 -
Microsoft 1.7604 2011.09.13 -
NOD32 6461 2011.09.13 -
Norman 6.07.11 2011.09.13 -
nProtect 2011-09-13.01 2011.09.13 -
Panda 10.0.3.5 2011.09.13 -
PCTools 8.0.0.5 2011.09.13 -
Prevx 3.0 2011.09.13 -
Rising 23.74.03.03 2011.09.09 -
Sophos 4.69.0 2011.09.13 -
SUPERAntiSpyware 4.40.0.1006 2011.09.13 -
Symantec 20111.2.0.82 2011.09.13 -
TheHacker 6.7.0.1.293 2011.09.10 -
TrendMicro 9.500.0.1008 2011.09.13 -
TrendMicro-HouseCall 9.500.0.1008 2011.09.13 -
VBA32 3.12.16.4 2011.09.13 -
VIPRE 10465 2011.09.13 -
ViRobot 2011.9.10.4666 2011.09.13 -
VirusBuster 14.0.211.0 2011.09.13 -

Additional information
MD5 : c3f4332dfea7e39b031b70560afb446a
SHA1 : 83f056de339f4096a94081fc03707a1a5a8fde12
SHA256: 53f5ce99a955f51c4dc9ea6e24a56cc29243c594a9247f999c0eb876bb2e699b
ssdeep: 6:5ekYu/DswUoypNTJzRuYvo4nxaYRV800xB9w1qk5n0DRTk08bebY3os6pxJtAKC4:0T4ioypl
5v/c8i0HYkosStYcWLTlJQ
File size : 512 bytes
First seen: 2011-09-13 18:34:43
Last seen : 2011-09-13 18:34:43
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
**********************************************************************
FÁZE 3: Přejmenování souboru PhysicalMBR.bin na PhysicalMBR0.bin a start OTL s vlastním skenováním

OTL logfile created on: 13.9.2011 20:43:29 - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,94 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 62,28% Memory free
3,25 Gb Paging File | 2,75 Gb Available in Paging File | 84,67% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 72,37 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 36,74 Gb Free Space | 15,77% Space Free | Partition Type: NTFS

Computer Name: MAREK-A3C30D064 | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
PhysicalDisk1 MBR saved to C:\PhysicalMBR.bin

========== Custom Scans ==========

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.13 20:43:29 | 000,000,512 | ---- | M] () MD5=7BFB776D45C6636AA3C24A6127C20049 -- C:\PhysicalMBR.bin

< End of report >

**********************************************************************
FÁZE 4: Online test souboru PhysicalMBR.bin

Odkaz na kontrolu souboru PhysicalMBR.bin:
http://www.virustotal.com/file-scan/rep ... 1315938911

Zkopírovaný výpis z obrazovky:
Antivirus Version Last Update Result
AhnLab-V3 2011.09.13.00 2011.09.13 -
AntiVir 7.11.14.189 2011.09.13 BOO/Whistler
Antiy-AVL 2.0.3.7 2011.09.13 -
Avast 4.8.1351.0 2011.09.13 MBR:Whistler-C [Rtk]
Avast5 5.0.677.0 2011.09.13 MBR:Whistler-C [Rtk]
AVG 10.0.0.1190 2011.09.13 -
BitDefender 7.2 2011.09.13 -
ByteHero 1.0.0.1 2011.09.13 -
CAT-QuickHeal 11.00 2011.09.13 BootKit.Wistler
ClamAV 0.97.0.0 2011.09.13 -
Commtouch 5.3.2.6 2011.09.13 -
Comodo 10098 2011.09.13 -
DrWeb 5.0.2.03300 2011.09.13 -
Emsisoft 5.1.0.11 2011.09.13 Trojan.DOS.Shetwirl!IK
eSafe 7.0.17.0 2011.09.13 -
eTrust-Vet 36.1.8556 2011.09.13 -
F-Prot 4.6.2.117 2011.09.13 -
F-Secure 9.0.16440.0 2011.09.13 -
Fortinet 4.3.370.0 2011.09.11 -
GData 22 2011.09.13 MBR:Whistler-C
Ikarus T3.1.1.107.0 2011.09.13 Trojan.DOS.Shetwirl
Jiangmin 13.0.900 2011.09.13 -
K7AntiVirus 9.112.5128 2011.09.13 -
Kaspersky 9.0.0.837 2011.09.13 -
McAfee 5.400.0.1158 2011.09.13 -
McAfee-GW-Edition 2010.1D 2011.09.13 -
Microsoft 1.7604 2011.09.13 -
NOD32 6461 2011.09.13 -
Norman 6.07.11 2011.09.13 -
nProtect 2011-09-13.01 2011.09.13 -
Panda 10.0.3.5 2011.09.13 -
PCTools 8.0.0.5 2011.09.13 -
Prevx 3.0 2011.09.13 -
Rising 23.74.03.03 2011.09.09 -
Sophos 4.69.0 2011.09.13 -
SUPERAntiSpyware 4.40.0.1006 2011.09.13 -
Symantec 20111.2.0.82 2011.09.13 -
TheHacker 6.7.0.1.293 2011.09.10 -
TrendMicro 9.500.0.1008 2011.09.13 -
TrendMicro-HouseCall 9.500.0.1008 2011.09.13 -
VBA32 3.12.16.4 2011.09.13 -
VIPRE 10465 2011.09.13 -
ViRobot 2011.9.10.4666 2011.09.13 -
VirusBuster 14.0.211.0 2011.09.13 -

Additional information
MD5 : 7bfb776d45c6636aa3c24a6127c20049
SHA1 : 8933c5e850657f568fb3fe4576eed61bc51d43aa
SHA256: 0b2103f47b453d3db7cdd31ae3e38a964f0e15d8f0bf954253a930bc0d635f67
ssdeep: 6:lroHSO98m3pJU1RIOCZlR9fgUWrHSLbAhUi1w0gvSWIJuc6p/xJtAKCFWYGAKCFq:lGSOl5JR
ZSUMU8UirI6ucStYf7Y
File size : 512 bytes
First seen: 2011-09-13 18:35:11
Last seen : 2011-09-13 18:35:11
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

*********************** KONEC *********************************

MaVolt · #13 Příspěvek od **MaVolt** » 14 zář 2011 14:28

Ok, dopředu díky za trpělivost.

Staženo, nainstalováno.

Zde je označenec v kode:

Kód: Vybrat vše

90 31 C0 90 8E D8 8E C0 90 8E D0 BC 00 7C BE 00 7C 90 BF 00 06 90 B9 80 00 90 FC F3 66 A5 90 EA 26 06 00 00 90 90 66 31 C0 90 BE BE 07 B1 04 66 39 44 08 90 72 08 66 8B 44 08 66 03 44 0C 83 C6 10 90 83 2E 8B 06 04 E2 E6 66 09 C0 74 40 66 83 C0 02 90 B9 40 00 BB 00 7C BF 12 07 90 83 2E 8B 06 04 E8 71 00 72 27 66 68 83 C4 14 90 90 66 68 04 46 E2 F9 90 66 68 80 FF D7 30 90 66 68 89 C3 B9 00 90 66 68 BE 00 7C 66 0F 83 73 75 E8 BE BE 07 B1 04 80 3C 80 74 0F 38 2C 0F 85 96 00 83 C6 10 E2 F0 90 CD 18 90 66 8B 44 08 89 E3 B9 01 00 90 E8 22 00 73 0E 8B 4C 02 B8 01 02 90 CD 13 0F 82 8B 00 90 81 3E FE 7D 55 AA 90 0F 85 A0 00 90 EA 00 7C 00 00 90 66 60 90 BB AA 55 B4 41 CD 13 90 73 04 F9 66 61 C3 81 FB 55 AA 75 F6 90 F6 C1 01 74 F0 66 61 90 66 60 6A 00 90 6A 00 66 50 06 90 53 51 90 6A 10 B4 42 90 89 E6 CD 13 61 90 66 61 C3 66 69 DB FD 43 03 00 90 66 81 C3 C3 9E 26 00 90 66 89 D8 90 66 C1 E8 10 90 66 25 FF 00 00 00 90 C3 90 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 62 6C 65 00 90 90 45 72 72 6F 72 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 90 90 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D1 0F 53 86 00 00 00 01 01 00 07 FE FF FF 3F 00 00 00 42 45 1C 1D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

Tady je screen:
http://www.urimage.net/?v=jt0kw.jpg

Ještě píšeš: - vyber Physical disk -> Hard Disk 2 (nepopleť to - určo máš datový jako fyzický druhý disk?)
Doufám, že v tom není nějaký figl v označení. Fyzicky mám skutečně zapojené 2 disky; C: je systémový, na D: jsou jen data
Tak jestli se D hlásí jako HArd disk 2, je to on

Pro jistotu screen:
http://www.urimage.net/?v=FCmU6.jpg

MaVolt · #14 Příspěvek od **MaVolt** » 14 zář 2011 14:43

eště se zeptám, nejedná se o nějakou sestavu HP, Dell, Lenovo? na druhém nyní datovém disku nebyl nainstalován OS? Ptám se, abych pak nemusel obnovovat zavaděč ze záloh, které se vytvořily přes OTL.

Sestava je skládaná a různě doplňovaná, žádná značka jako HP, Dell nebo Lenovo. Kdysi to bylo něco od Barbone, ale z toho zbyl už jen case

:)

Alea iacta est

No... a s kostkama i moje nervy ... tak tohle mi chvilku zabere... už teď se potím nervozitou

Říká ti něco port 24654 viz
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24654:UDP"= 24654:UDP:Enfocus Port

Neříká - jen ten poslední název Enfocus Pitstop je program, jakási nádstavba k pdf prohlížeči, který umoˇžnujě editovat pdfka. Včera jsem ho shodou okolností odinstaloval, protože nebyl potřebný.

Jinak bude to ještě malinko trvat - dostal jsem před hodinou laický nápad, na chvíli vypnul NODa, nainstalil trial ale neosekanou verzi Nortona a spustil scan - zatím našel 13x virus, 3x tracking cookies a 12x Heuristic viry. Nechám ho dopotit a pak jdu na tvůj postup.

A ještě zajímavost - v době, kdy se mi poprve ukázal vir, jsem měl k PC připojený externí HDD. Na něm mi také NOD ukázal vira v MBR sektoru. Dnes po dohodě s jedním známým jsem disk připojil k PC, který se bude likvidovat, ale který nicméně je zcela chráněn (také aktuální placený NOD, všechny aktualizace...) a spustil scan... a vir to nenašlo. Zrestartoval jsem, pustil znova...nenašlo. Není to divné?

MaVolt · #15 Příspěvek od **MaVolt** » 14 zář 2011 15:04

No jasněže tvůj nápad byl a je řešení

, hned jak dojede norton, postnu report a odinstaluju ho, nechám NODa.

Jen malinko k historii viru (pořád by se mi líbila varianta, že nejde o vir, ale třeba vadnou desku nebo tak něco

)
Pracoval jsem na PC, měl rozjeté hafo grafických programů a internet (ale tam jen mejl na seznamu a online přístup do pracovního mejlu). PC se zničehonic sám zrestartil a po naběhnutí už nod hlásilo vir.
Po chvilce paniky jsem stáhnul spyware doktora a ještě další "zaručené" odstraňovače - po každé chtěl každý program restart PC.
A po jednom restartu PC už nenaběhnul, byla černá obrazovka, žádné pípání, jen zevnitř šel zvuk, jako kdyby se něco chtělo načíst (dá se to přirovnat ke zvuku poškrábaného CD), ale nic se nedělo.
Tak jsem postupně metodou pokus-omyl postupně odpojoval hardware, dokonce i zresetoval bios (snad - vyndáním baterie) až se nakonec zdálo, že odešel jeden slot na RAM a PCI-e slot na grafiku. Jel jsem tedy na jednu RAM a na interní grafiku. PC fungovalo, ale vir to psalo. Doměnka - špatný motherboard.
Druhý den ráno po zapnutí tam vir byl pořád, ale PC měl jakýsi lepší zvuk, tak jsem zkusmo hodil druhou RAM do včera vadného slotu a ono se to rozjelo. Ale slot na grafiku ne-e. TAk nevím, jestli je špatná deska nebo grafárna nebo obojí a do toho všeho vir.

Tohle píšu proto, že ten pitomý norton furt ještě jede a já zabíjím čas

***********************************************************
UPDATE: Norton dojel, hodil report. Je to dost dlouhý txt, mám ho nahodit?
Tady je zatím aspoň obrázek:
http://www.urimage.net/?v=Riqj.jpg

VIRY.CZ

Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc

Re: Win32/agent.sdg.gen v MBR sektoru disku - prosim o pomoc