Prosím o kontrolu logu - problém s Firefoxem

[34regulus]

Možná bych zkusil odintalovat firefox a znovu naistalovat, já vím, že příjdeš o nastavení , ale připadá mi to jako schůdná cesta!

Neraď v této sekci pokud nejsi skutečně odborník na viry. Díky za pochopení! Pic

[Reklama]

[bledulka]

Otestuj na www.virustotal.com
d:\users\Petr\AppData\Roaming\anyname.exe
-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.

Ještě tam máš rootkita, otestuj ten soubor a jdeme mazat.

[Lunaris]

Zjistil jsem, že se ten soubor vytvoří pouze jen když dám ve správci úloh příkaz "vytvořit soubor výpisu" takže jsem se asi spletl... tím xxxx.DMP to není

[bledulka]

To určitě není, máš tam ještě rootkita. Prosím Tě otestuj ten soubor, ať můžeme mazat.

[Lunaris]

tak tady to máš slečno :

http://www.virustotal.com/cs/analisis/7 ... 1277065151

[bledulka]

Děkuji, jdeme na to .


Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka

Kód: Vybrat vše


Collect::
D:\Users\Petr\AppData\Roaming\winlogon.exe
D:\Users\Petr\AppData\Roaming\anyname.exe
d:\programdata\Microsoft\Windows\Start Menu\Programs\winlogon\svchost.exe
d:\windows\system32\GameMon.des
d:\program files\Winlogon\svhost.exe

Folder::
D:\Program Files\Winlogon

Dirlook::
D:\Windows\system32\NDF

Driver::
svhost
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{48E9C7DB-BE8A-CECC-8064-8ACAFF7CBDDD}]
 [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5JKQA-FJKLNLK-7A3CM-VWYRLQ-HA38ZA75G}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{OYFPO357-XV3I-J121-K400-78I4LF7RH585}]
[-HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{D1FD0EAE-B0CA-BB21-4C4B-F48B9F2BAD1D}]


-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

****

Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log

[Lunaris]

táta mě včera vyhnal, promiň . Tak tady to je:

ComboFix 10-06-19.03 - Petr 21.06.2010 19:00:21.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1171 [GMT 2:00]
Spuštěný z: d:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: d:\users\Petr\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

file zipped: d:\program files\Winlogon\svhost.exe
file zipped: d:\programdata\Microsoft\Windows\Start Menu\Programs\winlogon\svchost.exe
file zipped: d:\users\Petr\AppData\Roaming\anyname.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\Winlogon
d:\program files\Winlogon\svhost.exe
d:\programdata\Microsoft\Windows\Start Menu\Programs\winlogon\svchost.exe
d:\users\Petr\AppData\Roaming\anyname.exe
d:\users\Petr\AppData\Roaming\cglogs.dat
d:\users\Petr\AppData\Roaming\SQLite3.dll
d:\windows\system32\GameMon.des

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npggsvc
-------\Service_svhost


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-21 do 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 17:04 . 2010-06-21 17:05 -------- d-----w- d:\users\Petr\AppData\Local\temp
2010-06-21 17:04 . 2010-06-21 17:04 -------- d-----w- d:\users\Public\AppData\Local\temp
2010-06-19 20:20 . 2010-06-19 20:52 -------- d-----w- D:\rsit
2010-06-19 16:30 . 2010-06-19 16:30 -------- d-----w- d:\program files\iPod
2010-06-19 16:30 . 2010-06-19 16:30 -------- d-----w- d:\program files\iTunes
2010-06-19 16:26 . 2010-06-19 16:26 -------- d-----w- d:\program files\Bonjour
2010-06-19 16:24 . 2010-06-19 16:24 72504 ----a-w- d:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-09 18:36 . 2010-05-01 14:49 2326528 ----a-w- d:\windows\system32\win32k.sys
2010-06-09 18:36 . 2010-03-05 07:42 67584 ----a-w- d:\windows\system32\asycfilt.dll
2010-06-09 18:36 . 2010-05-21 05:18 977920 ----a-w- d:\windows\system32\wininet.dll
2010-06-09 18:36 . 2010-05-27 03:49 293888 ----a-w- d:\windows\system32\atmfd.dll
2010-06-09 18:36 . 2010-05-27 07:24 34304 ----a-w- d:\windows\system32\atmlib.dll
2010-05-29 12:04 . 2010-05-29 12:04 -------- d-----w- d:\program files\Nuclear Coffee
2010-05-27 15:31 . 2010-06-20 10:15 48648 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-05-27 15:31 . 2010-05-27 15:31 484160 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-27 14:29 . 2009-06-22 11:25 221184 ----a-w- d:\windows\system32\RaCoInst.dll
2010-05-27 14:29 . 2009-09-07 20:20 337408 ----a-w- d:\windows\system32\drivers\netr61.sys
2010-05-27 14:29 . 2010-05-27 14:30 -------- d-----w- d:\program files\Ovislink
2010-05-27 14:28 . 2010-05-27 14:28 -------- d-----w- d:\users\Petr\AppData\Roaming\InstallShield
2010-05-26 18:55 . 2010-05-26 18:55 -------- d-----w- d:\users\Petr\AppData\Roaming\Megaupload
2010-05-26 18:55 . 2010-05-26 18:55 -------- d-----w- d:\program files\Megaupload
2010-05-26 13:09 . 2010-04-23 07:13 2048 ----a-w- d:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 17:05 . 2010-03-17 21:09 0 ----a-w- d:\windows\system32\drivers\lvuvc.hs
2010-06-21 16:53 . 2010-03-16 18:03 -------- d-----w- d:\users\Petr\AppData\Roaming\skypePM
2010-06-21 16:51 . 2010-03-16 18:02 -------- d-----w- d:\users\Petr\AppData\Roaming\Skype
2010-06-20 11:40 . 2009-07-14 08:44 625676 ----a-w- d:\windows\system32\perfh005.dat
2010-06-20 11:40 . 2009-07-14 08:44 119794 ----a-w- d:\windows\system32\perfc005.dat
2010-06-20 10:15 . 2010-04-16 16:02 -------- d-----w- d:\program files\Trend Micro
2010-06-20 10:14 . 2010-04-17 20:22 484160 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-19 16:30 . 2010-04-17 15:19 -------- d-----w- d:\program files\Common Files\Apple
2010-06-09 20:46 . 2010-03-16 17:21 -------- d-----w- d:\programdata\Microsoft Help
2010-06-08 16:29 . 2010-04-19 17:22 -------- d-----w- d:\program files\Wondershare
2010-06-01 11:43 . 2010-04-17 20:22 48648 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-27 15:37 . 2010-03-23 20:39 -------- d-----w- d:\programdata\HP
2010-05-27 14:29 . 2010-03-17 21:05 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-05-26 20:23 . 2010-03-16 17:28 -------- d-----w- d:\program files\CCleaner
2010-05-21 12:14 . 2010-03-16 17:19 221568 ------w- d:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- d:\windows\system32\dns-sd.exe
2010-05-15 15:03 . 2010-05-15 14:59 -------- d-----w- d:\users\Petr\AppData\Roaming\Red Alert 3
2010-05-15 14:47 . 2010-05-15 14:47 -------- d-----w- d:\program files\Electronic Arts
2010-05-15 14:41 . 2010-05-15 14:30 -------- d-----w- d:\users\Petr\AppData\Roaming\DAEMON Tools Lite
2010-05-15 14:33 . 2010-05-15 14:33 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2010-05-15 14:33 . 2010-05-15 14:31 -------- d-----w- d:\program files\DAEMON Tools Lite
2010-05-15 14:32 . 2010-05-15 14:32 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-05-15 14:31 . 2010-05-15 14:30 -------- d-----w- d:\programdata\DAEMON Tools Lite
2010-05-15 10:38 . 2010-04-17 15:22 -------- d-----w- d:\users\Petr\AppData\Roaming\Apple Computer
2010-05-15 10:37 . 2010-05-15 10:37 0 ---ha-w- d:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-13 18:54 . 2010-05-13 17:07 -------- d-----w- d:\program files\The KMPlayer
2010-05-12 12:05 . 2009-07-14 02:37 -------- d-----w- d:\program files\Windows Mail
2010-05-06 18:39 . 2010-03-16 17:27 -------- d-----w- d:\program files\Recuva
2010-05-01 19:45 . 2010-03-31 10:16 -------- d-----w- d:\users\Petr\AppData\Roaming\onOne Software
2010-04-30 14:16 . 2010-04-30 14:13 -------- d-----w- d:\program files\ASUS
2010-04-27 16:09 . 2010-04-27 16:09 -------- d-----w- d:\users\Petr\AppData\Roaming\Imagenomic
2010-04-27 16:08 . 2010-04-01 20:51 -------- d-----w- d:\program files\Imagenomic
2010-04-24 21:33 . 2010-04-17 15:19 -------- d-----w- d:\programdata\Apple
2010-04-22 19:32 . 2010-04-19 19:28 -------- d-----w- d:\programdata\xml_param
2010-04-18 20:18 . 2010-04-18 20:18 11526144 ----a-w- d:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\CoffeeBeans.tls.dll
2010-04-12 16:33 . 2010-04-16 12:01 280440 ----a-w- d:\users\Petr\AppData\Roaming\QipGuard\sqlite3.dll
2010-04-12 16:33 . 2010-04-16 12:01 184272 ----a-w- d:\users\Petr\AppData\Roaming\QipGuard\QipGuard.exe
2010-04-12 16:33 . 2010-04-16 12:01 20944 ----a-w- d:\users\Petr\AppData\Roaming\QipGuard\chrome.dll
2010-04-06 19:01 . 2010-04-06 19:01 38784 ----a-w- d:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-01 20:34 . 2010-03-19 19:36 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-03-31 10:04 . 2010-03-16 17:08 109600 ----a-w- d:\users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-23 20:45 . 2010-03-23 20:39 231824 ----a-w- d:\windows\hpoins21.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- d:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of d:\windows\system32\NDF ----

2010-03-16 17:06 . 2010-05-31 16:42 393216 ----a-w- d:\windows\system32\NDF\eventlog.etl


((((((((((((((((((((((((((((( SnapShot@2010-06-20_11.32.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-17 13:59 . 2010-06-21 13:29 37592 d:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-06-21 13:29 38334 d:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-06-20 11:20 38334 d:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-16 16:59 . 2010-06-20 11:19 16384 d:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-16 16:59 . 2010-06-21 17:05 16384 d:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-16 16:59 . 2010-06-21 17:05 32768 d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-16 16:59 . 2010-06-20 11:19 32768 d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-06-21 17:05 16384 d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-06-20 11:19 16384 d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-16 17:18 . 2010-06-20 11:23 16384 d:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-16 17:18 . 2010-06-21 16:56 16384 d:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-16 17:18 . 2010-06-20 11:23 32768 d:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-16 17:18 . 2010-06-21 16:56 32768 d:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-16 17:18 . 2010-06-21 16:56 16384 d:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-16 17:18 . 2010-06-20 11:23 16384 d:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-16 19:02 . 2010-06-21 16:03 16384 d:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-16 19:02 . 2010-06-20 11:02 16384 d:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-16 19:02 . 2010-06-21 16:03 32768 d:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-16 19:02 . 2010-06-20 11:02 32768 d:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-16 19:02 . 2010-06-20 11:02 16384 d:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-16 19:02 . 2010-06-21 16:03 16384 d:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-16 17:03 . 2010-06-20 11:20 6302 d:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-426473828-1720530656-3782696912-1000_UserData.bin
+ 2010-03-16 17:03 . 2010-06-21 13:29 6302 d:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-426473828-1720530656-3782696912-1000_UserData.bin
+ 2010-06-20 11:36 . 2010-06-20 11:36 9560 d:\windows\System32\NetworkList\Icons\{EAA5955F-AB4F-4839-A280-F5A8335C524E}_48.bin
+ 2010-06-20 11:36 . 2010-06-20 11:36 4280 d:\windows\System32\NetworkList\Icons\{EAA5955F-AB4F-4839-A280-F5A8335C524E}_32.bin
+ 2010-06-20 11:36 . 2010-06-20 11:36 2456 d:\windows\System32\NetworkList\Icons\{EAA5955F-AB4F-4839-A280-F5A8335C524E}_24.bin
- 2010-05-31 16:02 . 2010-05-31 16:05 9560 d:\windows\System32\NetworkList\Icons\{1203D0C3-DE0C-41BB-8BEF-E3058B25EF6F}_48.bin
+ 2010-05-31 16:02 . 2010-06-20 11:34 9560 d:\windows\System32\NetworkList\Icons\{1203D0C3-DE0C-41BB-8BEF-E3058B25EF6F}_48.bin
- 2010-05-31 16:02 . 2010-05-31 16:05 4280 d:\windows\System32\NetworkList\Icons\{1203D0C3-DE0C-41BB-8BEF-E3058B25EF6F}_32.bin
+ 2010-05-31 16:02 . 2010-06-20 11:34 4280 d:\windows\System32\NetworkList\Icons\{1203D0C3-DE0C-41BB-8BEF-E3058B25EF6F}_32.bin
- 2010-05-31 16:02 . 2010-05-31 16:05 2456 d:\windows\System32\NetworkList\Icons\{1203D0C3-DE0C-41BB-8BEF-E3058B25EF6F}_24.bin
+ 2010-05-31 16:02 . 2010-06-20 11:34 2456 d:\windows\System32\NetworkList\Icons\{1203D0C3-DE0C-41BB-8BEF-E3058B25EF6F}_24.bin
- 2010-06-20 11:25 . 2010-06-20 11:25 2048 d:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-21 16:57 . 2010-06-21 17:05 2048 d:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-06-07 19:50 609896 d:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-06-20 11:40 609896 d:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-06-07 19:50 104214 d:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-06-20 11:40 104214 d:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-06-20 09:28 7077888 d:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-06-21 13:39 7077888 d:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2010-03-29 2749984]
"ccleaner"="d:\program files\CCleaner\ccleaner.exe" [2010-05-25 1694520]
"Seznam Postak"="d:\users\Petr\AppData\Local\Seznam.cz\postak.exe" [2010-03-24 462104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2140880]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"RtHDVCpl"="d:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"itype"="d:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"Ai Nap"="d:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2009-12-28 1437312]
"Cpu Level Up help"="d:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-28 887936]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AirLive 802.11G Wireless Utility.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AirLive 802.11G Wireless Utility.lnk
backup=d:\windows\pss\AirLive 802.11G Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\D:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=d:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=d:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor]
2009-12-28 19:19 633984 ----a-w- d:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-16 17:08 135664 ----atw- d:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- d:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2010-04-12 16:33 184272 ----a-w- d:\users\Petr\AppData\Roaming\QipGuard\QipGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime

R3 rt61x86;Ovislink WT-2000PCI Driver for Windows Vista;d:\windows\system32\DRIVERS\netr61.sys [2009-09-07 337408]
R3 WatAdminSvc;Služba Technologie aktivace Windows;d:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S0 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-05-15 691696]
S1 ehdrv;ehdrv;d:\windows\system32\DRIVERS\ehdrv.sys [2010-02-22 114984]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 DUMeterSvc;DU Meter Service;d:\program files\DU Meter\DUMeterSvc.exe [2009-09-04 1391136]
S2 eamonm;eamonm;d:\windows\system32\DRIVERS\eamonm.sys [2010-02-22 133512]
S2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [2010-02-22 810120]
S2 epfwwfp;epfwwfp;d:\windows\system32\DRIVERS\epfwwfp.sys [2010-02-22 41312]
S2 TeamViewer5;TeamViewer 5;d:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 dc3d;MS Hardware Device Detection Driver (USB);d:\windows\system32\DRIVERS\dc3d.sys [2009-11-11 22384]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;d:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-17 d:\windows\Tasks\Defraggler Volume D Task.job
- d:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-06-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-426473828-1720530656-3782696912-1000Core.job
- d:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-16 17:08]

2010-06-21 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-426473828-1720530656-3782696912-1000UA.job
- d:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-16 17:08]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DE775C82-D1AE-49AF-A404-C663E9EFCD88} = 217.117.216.72,217.117.216.7
FF - ProfilePath - d:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\F861DC2F.default\
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\users\Petr\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ActiveSetup-{48E9C7DB-BE8A-CECC-8064-8ACAFF7CBDDD} - d:\users\Petr\AppData\Roaming\anyname.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84E931F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x89e05d96
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="d:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\atieclxx.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\windows\system32\taskhost.exe
d:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe
d:\program files\ASUS\AASP\1.01.02\aaCenter.exe
d:\program files\TeamViewer\Version5\TeamViewer.exe
d:\windows\system32\conhost.exe
d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\Microsoft IntelliType Pro\dpupdchk.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
d:\windows\system32\WUDFHost.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Windows Media Player\wmpnetwk.exe
d:\windows\servicing\TrustedInstaller.exe
d:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-06-21 19:09:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-21 17:09
ComboFix2.txt 2010-06-20 11:33

Před spuštěním: Volných bajtů: 86 632 255 488
Po spuštění: Volných bajtů: 86 355 587 072

- - End Of File - - 604B4C4762A5283BA84CF8F6F7C57232
Nahr nˇ probŘhlo ŁspŘçnŘ


proces se už neobjevuje (abych to nezakřikl) ... takže to bude asi v pořádku... ne?:D


/edited:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4221

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.6.2010 19:21:51
mbam-log-2010-06-21 (19-21-51).txt

Typ skenu: Rychlý sken
Skenované objekty: 132491
Uplynulý čas: 4 minuta(y), 27 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[bledulka]

Ještě si něco ověřím

Otestuj na http://www.virustotal.com
d:\windows\system32\drivers\lvuvc.hs
-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.

***************************

Odinstaluj všechny virtuální jednotky (Daemon nebo alcohol)

Stáhni SPTD http://www.duplexsecure.com/en/downloads
-vyber verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-ulož na plochu a spusť
- zvol možnost Uninstall
- restart PC



**********************************************

Stahni Gmer http://www.gmer.net/gmer.zip
-rozbal ho a spusť
-po prvním rychlém skenu klikni na tlačítko Save, uloží se log, který mi sem zkopíruješ.
-v pravém sloupci označ všechny položky fajfkou ve čtverečku a klikni na tlačítko scan
-až se sken dokončí, opět tlačítkem Save ulož log, který sem vložíš.


**********************************************

Stáhni MBR
http://www2.gmer.net/mbr/mbr.exe
-ulož ho na plochu
- start-spustit
do okénka zkopíruj
"%userprofile%\plocha\mbr" -t
ok
-na ploše se vytvoří log s názvem mbr.log, vlož ho sem

[Lunaris]

http://www.virustotal.com/vt/cs/recepci ... fead776a1b - 0 bytes size received / Se ha recibido un archivo vacio



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 21:55:08
Windows 6.1.7600
Running: gmer.exe; Driver: D:\Users\Petr\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1B634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C341A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C93599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spjj.sys Systém nemůže nalézt uvedenou cestu. !
.text D:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x8EA0E000, 0x2E6316, 0xE8000020]
.text USBPORT.SYS!DllUnload 8E936CA0 5 Bytes JMP 862BC1D8
.text a2oajm61.SYS 8FC0200D 9 Bytes [C7, C1, 82, 48, EB, C1, 82, ...] {MOV ECX, 0xc1eb4882; ADD BYTE [EAX], 0x0}
.text a2oajm61.SYS 8FC02017 170 Bytes [00, DE, E7, DA, 88, E6, E5, ...]
.text a2oajm61.SYS 8FC020C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a2oajm61.SYS 8FC020CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text a2oajm61.SYS 8FC020D4 13 Bytes [C9, F4, 5C, 4A, 00, 00, 00, ...]
.text ...
.text win32k.sys!STROBJ_vEnumStart + 2329 981BFE00 1 Byte [00]
.text win32k.sys!STROBJ_vEnumStart + 2329 981BFE00 20 Bytes [00, 8B, 80, 88, 00, 00, 00, ...]
.text win32k.sys!STROBJ_vEnumStart + 233E 981BFE15 38 Bytes CALL 981BBF7D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!STROBJ_vEnumStart + 2365 981BFE3C 16 Bytes CALL 98198CF1 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!STROBJ_vEnumStart + 2376 981BFE4D 16 Bytes [70, 08, 89, 75, E0, C7, 45, ...]
.text ...
.text win32k.sys!EngDeleteClip + 26 981C373A 61 Bytes [EB, 11, 8B, 08, 6A, 00, 50, ...]
.text win32k.sys!EngDeleteClip + 64 981C3778 20 Bytes [8B, 4D, FC, 8B, 49, 08, 83, ...]
.text win32k.sys!EngDeleteClip + 79 981C378D 15 Bytes CALL 9814D0C6 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteClip + 89 981C379D 41 Bytes CALL 9814C167 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteClip + B3 981C37C7 16 Bytes [00, 00, 00, A1, 80, 90, 2F, ...]
.text ...
.text win32k.sys!STROBJ_bEnum + 1 981C6301 2 Bytes [FF, 55]
.text win32k.sys!STROBJ_bEnum + 4 981C6304 2 Bytes [EC, 56] {IN AL, DX ; PUSH ESI}
.text win32k.sys!STROBJ_bEnum + 7 981C6307 105 Bytes [75, 08, 8B, 46, 30, A9, 00, ...]
.text win32k.sys!STROBJ_bEnum + 71 981C6371 22 Bytes [56, 24, 85, D2, 74, 28, 8B, ...]
.text win32k.sys!STROBJ_bEnum + 88 981C6388 356 Bytes [8B, 56, 34, 74, 03, C1, E1, ...]
.text ...
.text win32k.sys!EngPlgBlt + 54 981D54C0 58 Bytes [85, DB, 0F, 84, 2F, 0E, 00, ...]
.text win32k.sys!EngPlgBlt + 8F 981D54FB 7 Bytes [83, F9, 0A, 0F, 84, F3, 0D]
.text win32k.sys!EngPlgBlt + 97 981D5503 98 Bytes [00, 83, F8, 0A, 0F, 84, EA, ...]
.text win32k.sys!EngPlgBlt + FA 981D5566 29 Bytes [4E, 24, 8B, 56, 20, 89, 5D, ...]
.text win32k.sys!EngPlgBlt + 118 981D5584 88 Bytes [75, 2A, F7, 40, 24, 00, 00, ...]
.text ...
.text win32k.sys!EngSort + 66 981D83DA 1 Byte [7D]
.text win32k.sys!EngSort + 66 981D83DA 78 Bytes [7D, 08, 8B, 45, 0C, FF, 4D, ...]
.text win32k.sys!EngSort + B5 981D8429 20 Bytes [45, 08, F6, 00, 80, 8B, 45, ...]
.text win32k.sys!EngSort + CA 981D843E 5 Bytes [00, 00, 8B, 75, 18] {ADD [EAX], AL; MOV ESI, [EBP+0x18]}
.text win32k.sys!EngSort + D0 981D8444 27 Bytes [4D, 14, 80, 78, 03, 00, 74, ...]
.text ...
.text peauth.sys 9A606C9D 28 Bytes [55, 23, 20, 5E, B7, 7B, 18, ...]
.text peauth.sys 9A606CC1 28 Bytes [55, 23, 20, 5E, B7, 7B, 18, ...]
? D:\Users\Petr\AppData\Local\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
? D:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\ESET\ESET Smart Security\ekrn.exe[1856] kernel32.dll!SetUnhandledExceptionFilter 777D3162 4 Bytes [C2, 04, 00, 00]
.text D:\Program Files\Mozilla Firefox\firefox.exe[2024] ntdll.dll!LdrLoadDll 77B1F585 5 Bytes JMP 013613F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88CB2042] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88CB26D6] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88CB2800] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88CB213E] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a2oajm61.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [747A2494] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74785624] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [747856E2] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [747A250F] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74798573] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74794D27] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [747950CE] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [747951A3] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [747966D0] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [747982CA] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74798819] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7479907A] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7479E21D] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Windows\Explorer.exe[4088] @ D:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74794C59] D:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Program Files\QIP Infium\infium.exe[4372] @ D:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] [004518E4] D:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT D:\Program Files\QIP Infium\infium.exe[4372] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [004518E4] D:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT D:\Program Files\QIP Infium\infium.exe[4372] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00451AE8] D:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT D:\Program Files\QIP Infium\infium.exe[4372] @ D:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00451AE8] D:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT D:\Program Files\QIP Infium\infium.exe[4372] @ D:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [004518E4] D:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E951F8
Device \FileSystem\fastfat \FatCdrom 86619500
Device \Driver\volmgr \Device\VolMgrControl 84E911F8
Device \Driver\usbuhci \Device\USBPDO-0 862BD1F8
Device \Driver\usbuhci \Device\USBPDO-1 862BD1F8
Device \Driver\usbuhci \Device\USBPDO-2 862BD1F8
Device \Driver\usbehci \Device\USBPDO-3 862774B0
Device \Driver\PCI_PNP4436 \Device\00000060 spjj.sys
Device \Driver\usbuhci \Device\USBPDO-4 862BD1F8
Device \Driver\usbuhci \Device\USBPDO-5 862BD1F8
Device \Driver\usbuhci \Device\USBPDO-6 862BD1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84E911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 862774B0
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 84E911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 860061F8
Device \Driver\volmgr \Device\HarddiskVolume3 84E911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 860061F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E931F8
Device \Driver\atapi \Device\Ide\IdePort0 84E931F8
Device \Driver\atapi \Device\Ide\IdePort1 84E931F8
Device \Driver\atapi \Device\Ide\IdePort2 84E931F8
Device \Driver\atapi \Device\Ide\IdePort3 84E931F8
Device \Driver\atapi \Device\Ide\IdePort4 84E931F8
Device \Driver\atapi \Device\Ide\IdePort5 84E931F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 84E931F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 84E931F8
Device \Driver\volmgr \Device\HarddiskVolume4 84E911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 84E911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 862401F8
Device \Driver\USBSTOR \Device\00000083 8607A1F8
Device \Driver\USBSTOR \Device\00000086 8607A1F8
Device \Driver\sptd \Device\3806434437 spjj.sys
Device \Driver\usbuhci \Device\USBFDO-0 862BD1F8
Device \Driver\usbuhci \Device\USBFDO-1 862BD1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DE775C82-D1AE-49AF-A404-C663E9EFCD88} 862401F8
Device \Driver\usbuhci \Device\USBFDO-2 862BD1F8
Device \Driver\usbehci \Device\USBFDO-3 862774B0
Device \Driver\usbuhci \Device\USBFDO-4 862BD1F8
Device \Driver\usbuhci \Device\USBFDO-5 862BD1F8
Device \Driver\usbuhci \Device\USBFDO-6 862BD1F8
Device \Driver\usbehci \Device\USBFDO-7 862774B0
Device \Driver\a2oajm61 \Device\Scsi\a2oajm611 8626F1F8
Device \Driver\a2oajm61 \Device\Scsi\a2oajm611Port6Path0Target0Lun0 8626F1F8
Device \FileSystem\fastfat \Fat 86619500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xCB 0x2B 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0xEA 0x04 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xDF 0xE5 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xCB 0x2B 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0xEA 0x04 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xDF 0xE5 0x7F ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 3
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\D53A8CA8-CBDB-4C84-BECD-617C85134660@Alive 1

---- EOF - GMER 1.0.15 ----

k tomu MBR snad to je tohle, protože při příkazu do sputit to hlásilo chybu o nenalezení adresáře:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[bledulka]

Odinstaloval jsi ty virtuální jednotky?

[Lunaris]

áno ... ale ješt nerestartoval, nevadí?....(prosím, řekni že ne )

[bledulka]

Vadí, protože se změna neprojevila
Takže musíš vše znovu