prosím o kontrolu logu, vopred ďakujem

[Lilinka]

No takže, stiahla som na plochu, spustila a dostala som sa presne po tých 50 completed stage. Hneď ako dopísalo ten posledný 50ty, tak sa vypol PC, naskočila modrá obrazovka, jedine som zachytila prvé slovo, ktoré bolo PROBLEM no a potom mi naskočila čierna obrazovka tam start windows normally a zapol sa mi. No na C: zase nemám ten log

[Lilinka]

a ešte som sa zabudla spýtať mám C:\WINDOWS\system32\KB905474\wgasetup.exe zmazať? keď tam píše cez VT: eSafe 7.0.17.0 2010.02.23 Win32.TrojanHorse

[franticek]

Nemazat, určitě falešná detekce.Je to součást Windows Genuine Advantage - ověření legálnosti systému.

1. Zkus tedy ještě zazipovat obsah c:\windows\minidump a přiložit zde.
2. Zkus stáhnout z podpisu RootRepeal > jdi na záložku report > zmáčkni scan > zaškrkni všechny moduly, které ti to nabídne a všechny pevné disky. Log dej zde, bude to nějakou dobu trvat.

[Lilinka]

Tu je ten súbor, idem na to druhé.
Moc ďakujem

[Lilinka]

a tu je ten RootRepeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/24 12:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA8F6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B20000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP8724
Image Path: \Driver\PCI_PNP8724
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA74D9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spcx.sys
Image Path: spcx.sys
Address: 0xF7390000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\e\application data\skype\elinusenka\etilqs_pqy0cbxbfrd5fyepqh8i
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\e\application data\skype\elinusenka\etilqs_wmmyqnnsvnt5ora1gvil
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\e\application data\mozilla\firefox\profiles\uhdpehis.default\sessionstore.js
Status: Size mismatch (API: 105079, Raw: 103069)

Path: C:\Documents and Settings\E\Local Settings\Application Data\Mozilla\Firefox\Profiles\uhdpehis.default\Cache\6BB2526Dd01
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\E\Local Settings\Application Data\Mozilla\Firefox\Profiles\uhdpehis.default\Cache\IH820.tmp
Status: Locked to the Windows API!

Path: C:\Documents and Settings\E\Local Settings\Application Data\Mozilla\Firefox\Profiles\uhdpehis.default\Cache\25DFBD55d01
Status: Could not get file information (Error 0xc0000008)

Path: c:\documents and settings\e\local settings\application data\mozilla\firefox\profiles\uhdpehis.default\cache\_cache_001_
Status: Size mismatch (API: 1010008, Raw: 984412)

Path: c:\documents and settings\e\local settings\application data\mozilla\firefox\profiles\uhdpehis.default\cache\_cache_002_
Status: Size mismatch (API: 1682876, Raw: 1649286)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spcx.sys" at address 0xf73910e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spcx.sys" at address 0xf73afca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spcx.sys" at address 0xf73b0032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spcx.sys" at address 0xf73910c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spcx.sys" at address 0xf73b010a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spcx.sys" at address 0xf73aff8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spcx.sys" at address 0xf73b019c

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x831dd1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x831de1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x831721f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x82f5b500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x831df1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x82bc31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x82bc31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82bc31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82bc31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x82bc31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x82bc31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x829c91f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_CREATE]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_CLOSE]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_READ]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_CLEANUP]
Process: System Address: 0x8302e500 Size: 121

Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_PNP]
Process: System Address: 0x8302e500 Size: 121

==EOF==

[franticek]

1. zkus najít tento soubor a postnout jej: C:\Qoobox\ComboFix-quarantined-files.txt
2. ověř na VT tyto soubory:
C:\WINDOWS\System32\Drivers\dump_atapi.sys
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
C:\WINDOWS\System32\Drivers\spcx.sys - pokud tam není, zkus jej vyhledat

3. stáhni mbr.exe, ulož jej kořen na c:\, spusť příkazový řádek (lze i příkazem CMD) a napiš

Kód: Vybrat vše

c:\mbr.exe -t

a dej enter

[Lilinka]

Radšej som odznova robila aj ten combofix, lebo to Qoobox som zmazala takže tu je to čo mi ukázalo



Na VTmi nejde skontrolovať ani jeden súbor, píše že sa nenašiel.


no a ten mbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x831DE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x831de1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

[franticek]

1. Odpoj připojené image od virtuálních cd mechanik - Daemon tools, ALcohol atd. a poté tyto programy odinstaluj.
2. Stáhni si SPTD dle verze svého systému, spusť > volba uninstall > poté restart
3. Znovu udělej log z mbr
4. Mimochodem windows je legální nebo ne?
5. Zkus gmer či combofix. Nepujde-li, zkus je v nouzovém režimu.

[Lilinka]

1. Ja alcohol a ani deamon tools nemám, či? Kedysi som mala ale už som to dávala preč.
2. vykonané
3. log z mbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK




4. mala som zakúpený originál windows vista, ale hrozne hneval, tak som preinštalovala na neoriginál XP

5. konečne som spustila ten gmer v nudzovom režime ale, skontroloval mi PC, len ten log neviem kde mám aaach jo

[franticek]

1. Můžeš nyní zkusit, jestli ti pojede ten combofix či gmer.
2. Bohužel toto forum se nezabývá nelegálním softwarem, takže naše spolupráce tímto končí.
3. Počítač vypadá ok, ale jelikož tam něco bylo, je doporučeno změnit si hesla.

[Lilinka]

ok, ďakujem krásne za pomoc

[franticek]

Není zač, ještě pár detailů:

1. Odinstalování ComboFixU.
Dejte start --> spustit a napište combofix /u a stiskněte Enter.

2. Vyčištění zbytku pomocných souborů:
Pak si stáhněte T-Cleaner a spusťte.

[Lilinka]

Ešte raz chcem moc poďakovať za ochotu a strávený čas. Moc ďakujem

[franticek]

Není zač.