PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Please advise... Trojan in 1 physical disk...

jirka12345

#1 Post by jirka12345

Hello.

I wanted to ask for advice on how to remove it... I tried following the guides here on the forum, but without success. Thank you very much, Jirka

Roli

#2 Post by Roli

Hi, how about starting by posting a log from RSIT here, because I can't read a crystal ball.
| Rsit | Mbam | AVPTool | Cure It |

I rest at weekends :all_coholic:

jirka12345

#3 Post by jirka12345

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2010-04-16 20:43:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (54%) free of 30 GB
Total RAM: 511 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:51, on 16.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\TuneUp Utilities 2010\OneClick.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Documents and Settings\admin\Plocha\RSIT.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [4shared Desktop] "C:\Program Files\4shared Desktop\desktop.exe" "startup"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6256 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-06-09 1227080]
"4shared Update"=C:\Program Files\4shared Desktop\checkUpdate.exe [2010-03-22 603136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"4shared Desktop"=C:\Program Files\4shared Desktop\desktop.exe [2010-03-26 3292672]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-06-28 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-05-05 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-05-05 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-16 20:44:10 ----D---- C:\Program Files\trend micro
2010-04-16 20:43:59 ----D---- C:\rsit
2010-04-14 16:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 16:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 16:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 16:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 16:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 16:51:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-11 19:50:33 ----D---- C:\Documents and Settings\admin\Data aplikací\Facebook
2010-04-10 10:51:44 ----D---- C:\WINDOWS\system32\LogFiles
2010-04-10 10:51:36 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2010-04-10 10:49:23 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-04-10 10:49:20 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-04-10 10:43:49 ----D---- C:\Documents and Settings\admin\Data aplikací\PC Suite
2010-04-10 10:43:47 ----D---- C:\Documents and Settings\admin\Data aplikací\Nokia
2010-04-10 10:43:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-04-10 10:42:30 ----D---- C:\Program Files\Common Files\PCSuite
2010-04-10 10:42:10 ----D---- C:\Program Files\Common Files\Nokia
2010-04-10 10:41:42 ----D---- C:\Program Files\DIFX
2010-04-10 10:40:49 ----D---- C:\Program Files\PC Connectivity Solution
2010-04-10 10:40:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-10 10:40:21 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-04-10 10:40:21 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-04-10 10:40:17 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-04-10 10:40:12 ----D---- C:\Program Files\Nokia
2010-04-10 10:37:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-04-07 00:59:24 ----HD---- C:\WINDOWS\PIF
2010-04-06 22:47:55 ----D---- C:\Documents and Settings\admin\Data aplikací\TomTom
2010-04-06 22:47:39 ----D---- C:\Program Files\TomTom International B.V
2010-04-06 22:46:54 ----D---- C:\Program Files\TomTom HOME 2
2010-04-05 20:31:32 ----D---- C:\Documents and Settings\admin\Data aplikací\4shared Desktop
2010-04-05 20:31:29 ----D---- C:\Program Files\4shared Desktop
2010-03-30 21:21:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-30 21:21:02 ----D---- C:\Program Files\Common Files\Java
2010-03-30 21:20:30 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-30 21:20:29 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-30 21:20:29 ----A---- C:\WINDOWS\system32\java.exe
2010-03-30 16:06:00 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-30 09:47:31 ----D---- C:\Program Files\Adobe
2010-03-30 09:40:00 ----D---- C:\Documents and Settings\admin\Data aplikací\Thinstall
2010-03-30 09:39:09 ----D---- C:\Program Files\CBS Software
2010-03-28 14:39:38 ----D---- C:\Program Files\Defraggler
2010-03-26 19:16:13 ----D---- C:\Documents and Settings\admin\Data aplikací\Symantec

======List of files/folders modified in the last 1 months======

2010-04-16 20:44:10 ----RD---- C:\Program Files
2010-04-16 20:33:38 ----D---- C:\WINDOWS\Temp
2010-04-16 19:36:03 ----D---- C:\WINDOWS\system32\Filt
2010-04-15 21:20:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-15 18:00:01 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:30:14 ----D---- C:\WINDOWS\system32
2010-04-15 17:30:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-15 07:23:07 ----D---- C:\WINDOWS
2010-04-14 16:54:45 ----D---- C:\WINDOWS\system32\dllcache
2010-04-14 16:54:41 ----HD---- C:\WINDOWS\inf
2010-04-14 16:54:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-14 16:54:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 16:54:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-12 10:26:33 ----A---- C:\WINDOWS\wincmd.ini
2010-04-10 10:52:07 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-10 10:43:29 ----SHD---- C:\WINDOWS\Installer
2010-04-10 10:42:30 ----D---- C:\Program Files\Common Files
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 18:10:23 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 19:39:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-01 11:07:54 ----D---- C:\Documents and Settings\admin\Data aplikací\Winamp
2010-04-01 11:07:25 ----D---- C:\Program Files\Winamp
2010-03-31 14:01:47 ----D---- C:\Program Files\Internet Explorer
2010-03-31 11:30:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-30 21:20:17 ----D---- C:\Program Files\Java
2010-03-30 09:47:57 ----D---- C:\Program Files\Common Files\Adobe
2010-03-18 23:13:55 ----SD---- C:\Documents and Settings\admin\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-05-05 41600]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-06-28 3565568]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-05-05 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-04-29 117120]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest\kerneld.wnt []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-06-08 1268040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-06-28 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-02 1043784]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-04 435016]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

jirka12345

#4 Post by jirka12345

Thank you. Jirka... just please tell me what to send you and what to do. You're kind.

Roli

#5 Post by Roli

Fix these in HJT:

O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [4shared Desktop] "C:\Program Files\4shared Desktop\desktop.exe" "startup"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')


You'll find HJT here:

C:\Program Files\trend micro\admin.exe

Fixing means you run HJT,

in the window that opens click on Do a system scan only,

in the next window find the lines I listed for you,

next to each of them is a box which you tick,

then click Fix checked at the bottom left,

the program asks whether you really want to, you answer YES of course, and it's done.


Via Start >> Run >> type services.msc >> OK. Find the service:

NMIndexingService

right-click it, choose Properties, on the next tab first stop the service with the Stop button and under Startup type choose Disabled.


Finally run Mbam from my signature.
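An added example, not part of Roli's post and not code from HijackThis: a small Python parser for the O4 autostart lines in the HijackThis log format used in this thread, followed by a few defender-side checks of the kind that stand behind a fix list like the one above (autostart values under the SYSTEM, service and .DEFAULT hives, RunOnce values that never got consumed, commands that are not an absolute path under Windows or Program Files). The sample lines are constructed in the shape shown in the thread, and the heuristics and function names are the example's own assumptions; they do not replace a human review, e.g. the 4shared entries above were put on the fix list as unwanted software, which no path heuristic catches.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: O4/O23 lines in the exact shape HijackThis writes
# them, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# One HijackThis O4 line: hive, Run/RunOnce key, [value name], command, optional (User '...').
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# Hives of non-interactive accounts (SYSTEM, LOCAL SERVICE, NETWORK SERVICE) and the
# .DEFAULT profile. Treating any autostart there as worth a look is this example's heuristic.
SERVICE_HIVES = {"HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20", "HKUS\\.DEFAULT"}


@dataclass
class AutorunEntry:
    hive: str             # HKLM, HKCU or HKUS\<SID or .DEFAULT>
    key: str              # Run, RunOnce, ...
    name: str             # value name HijackThis prints in [brackets]
    command: str          # command line stored in the registry value
    user: Optional[str]   # account name HijackThis resolved for HKUS hives, else None
    raw: str              # original line, handy for building the fix list


def parse_o4_lines(log_text: str) -> List[AutorunEntry]:
    """Return every O4 autostart entry found in a HijackThis log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(AutorunEntry(m["hive"], m["key"], m["name"], m["command"], m["user"], line))
    return entries


def image_path(command: str) -> str:
    """First token of the command: the quoted path if quoted, else everything up to the first space."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def review_entry(entry: AutorunEntry) -> List[str]:
    """Defender-side checks; an empty list means nothing stood out for this entry."""
    reasons = []
    if entry.hive.upper() in SERVICE_HIVES:
        reasons.append("autostart under a non-interactive account hive (SYSTEM/service/.DEFAULT)")
    if entry.key.lower() == "runonce":
        reasons.append("RunOnce value still present (it is removed automatically once it has run)")
    image = image_path(entry.command).lower()
    if not image.startswith(("c:\\windows\\", "c:\\program files\\")):
        reasons.append(f"image is not an absolute path under Windows or Program Files: {image}")
    return reasons


def review_log(log_text: str) -> List[Tuple[AutorunEntry, List[str]]]:
    """Parse the log and keep only the entries that have at least one reason attached."""
    findings = []
    for entry in parse_o4_lines(log_text):
        reasons = review_entry(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    # Prints the three HKUS entries from the sample, each with its reasons.
    for entry, reasons in review_log(SAMPLE_LOG):
        print(entry.raw)
        for r in reasons:
            print("   ->", r)
```

On the constructed sample the script flags exactly the three HKUS lines (the two CTFMON values and the nLite RunOnce leftover); the HKLM/HKCU lines, including the 4shared ones, pass the heuristics, which is why the printed list is a starting point for a reviewer rather than a verdict.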

jirka12345

#6 Post by jirka12345

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 4002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.4.2010 20:05:55
mbam-log-2010-04-17 (20-05-55).txt

Typ skenu: Rychlý sken
Skenované objekty: 101999
Uplynulý čas: 6 minuta(y), 7 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Roli

#7 Post by Roli

Download Gmer, unpack the archive and run it;

a scan will run, and when it finishes the result will pop up;

then click Save, which saves the log; copy it here.

If anything is unclear, there is a guide HERE.

jirka12345

#8 Post by jirka12345

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-18 22:59:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\axtdapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x1ac

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAA65B8A0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

jirka12345

#9 Post by jirka12345

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 07:52:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\axtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAA675A60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAA65ABF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAA677920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA656F60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xAA662090]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAA66E2B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAA66EBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAA655D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAA661E40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xAA66CD70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAA67AF30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAA660B20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xAA663900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xAA66A3A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAA66BBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAA6616B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAA659C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAA662FC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xAA670CA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAA656580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xAA670060]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xAA676DA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAA65B8A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAA665750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAA665FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAA674ED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAA669590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xAA667500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAA679A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAA679D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xAA668D20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAA667C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAA6684D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAA678480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xAA674440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAA67B520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAA65CBF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAA66B1C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xAA666820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAA673190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAA673AC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAA67A770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xAA671790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xAA672620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAA66C530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAA6762B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, 31, 67, AA, C0, 3A, 67, ...] {NOP ; XOR [EDI-0x56], ESP; SAR BYTE [EDX], 0x67; STOSB ; JO 0xffffffffffffffb1; STOS BYTE [DI]}
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7F4C000, 0x1C5D58, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[340] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[340] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[340] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[340] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[356] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[356] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[356] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[356] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[460] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[460] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[460] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[460] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[696] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[696] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[696] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[696] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1220] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 00532B64 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1244] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 005A3D04 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1244] kernel32.dll!LoadResource 7C80A055 5 Bytes JMP 005A39E0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1244] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 005A3C80 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1244] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005A3CD8 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1244] user32.dll!EnableWindow 7E379849 5 Bytes JMP 0172A44C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1244] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005A3CAC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1388] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1388] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1388] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1388] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1408] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1408] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1408] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1408] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[1480] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[1480] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[1480] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[1480] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1528] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1528] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1528] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1528] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1564] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1564] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1564] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1564] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1656] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1656] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1656] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1656] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1856] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1856] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1856] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1856] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\admin\Plocha\gmer.exe[2324] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\admin\Plocha\gmer.exe[2324] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\admin\Plocha\gmer.exe[2324] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\admin\Plocha\gmer.exe[2324] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 0203C703 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 0203C68B C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 0203C787 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 0203C6B3 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 0203C72E C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 0203C6D8 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 0203C759 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 0203C663 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\WINDOWS\system32\devldr32.exe[2736] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\devldr32.exe[2736] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\devldr32.exe[2736] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\devldr32.exe[2736] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 00A1B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 00A1B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 00A1B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 00A1B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3328] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3328] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3328] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3328] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3416] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 1009B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3416] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 1009B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3416] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3416] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 1009B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 00E7B1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 00E7B174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 00E7B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 00E7B224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AA66B190] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AA658130] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x1ac

---- EOF - GMER 1.0.15 ----

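A practical way to read a GMER log like the one above is to sort the hooks by the module that owns them rather than reading the hundreds of lines one by one: a HIPS or firewall installs the same hook in every process (here Outpost's wl_hook.dll lands at the same target in nearly every process, and SandBox.sys owns the SSDT entries), while the few entries GMER could not attribute to a vendor are the ones worth a manual look. The parser below is an added example, not GMER's own code and not from this thread; the sample input consists of lines copied from the log above, and the regular expressions assume GMER 1.0.15's ".text" and "SSDT" line formats as they appear there.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# User-mode inline hook lines as GMER 1.0.15 prints them, in two shapes:
#   .text <proc>[<pid>] <module>!<func> <addr> 5 Bytes JMP <target> <owner path> (<Description>/<Vendor>)
#   .text <proc>[<pid>] <module>!<func> <addr> 4 Bytes [C2, 04, 00, 00]
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\S+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-F]+)\s+(?P<owner>.+?)|(?P<patch>\[[^\]]+\]))"
    r"(?:\s+\((?P<desc>[^/()]+)/(?P<vendor>[^)]+)\))?\s*$"
)
# Kernel SSDT entries:
#   SSDT <owner path> (<Description>/<Vendor>) <ZwFunction> [<address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)\s+\((?P<desc>[^/()]+)/(?P<vendor>[^)]+)\)\s+"
    r"(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-F]+)\]\s*$"
)


@dataclass(frozen=True)
class Hook:
    kind: str     # "inline" (user-mode .text hook) or "ssdt" (kernel service table)
    proc: str     # hooked process image, or "kernel" for SSDT entries
    symbol: str   # "USER32.dll!SetWindowPos" or "ZwTerminateProcess"
    owner: str    # module GMER resolved the hook target to; "" for in-place byte patches
    vendor: str   # vendor from GMER's "(Description/Vendor)" tag; "" when GMER could not attribute it
    patch: str    # raw replacement bytes for in-place patches; "" for JMP hooks


def parse_gmer(text):
    """Return Hook records for every SSDT and .text line; other GMER sections are ignored."""
    hooks = []
    for line in text.splitlines():
        m = INLINE_RE.match(line)
        if m:
            hooks.append(Hook(
                kind="inline",
                proc=m["proc"],
                symbol=f"{m['module']}!{m['func']}",
                owner=m["owner"] or "",
                vendor=m["vendor"] or "",
                patch=m["patch"] or "",
            ))
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("ssdt", "kernel", m["func"], m["owner"], m["vendor"], ""))
    return hooks


def triage(hooks):
    """Group hooks by owning module and list the ones GMER left unattributed.

    Returns (by_owner, review): by_owner maps each owner module to its vendor tag,
    hook count and the set of hooked processes; review holds hooks with no vendor
    tag (unattributed JMP targets and raw byte patches), i.e. the entries worth
    checking by hand instead of the bulk a HIPS or firewall installs everywhere."""
    by_owner = defaultdict(lambda: {"vendor": "", "count": 0, "procs": set()})
    review = []
    for h in hooks:
        if h.owner:
            entry = by_owner[h.owner]
            entry["vendor"] = h.vendor
            entry["count"] += 1
            entry["procs"].add(h.proc)
        if not h.vendor:
            review.append(h)
    return dict(by_owner), review


# Constructed sample input: a handful of lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xAA671790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAA6762B0]
.text C:\WINDOWS\Explorer.EXE[696] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1564] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 1009B1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Winamp\winamp.exe[2632] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 0203C703 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
"""

if __name__ == "__main__":
    by_owner, review = triage(parse_gmer(SAMPLE_LOG))
    for owner, info in by_owner.items():
        tag = info["vendor"] or "UNATTRIBUTED"
        print(f"{info['count']:3d} hook(s) in {len(info['procs'])} process(es) -> {owner} [{tag}]")
    for h in review:
        print(f"REVIEW {h.kind} {h.proc} {h.symbol} {h.owner or h.patch}")
```

Run on the full log, the review list comes down to two entries: ESET's ekrn.exe overwriting SetUnhandledExceptionFilter in its own process with a 4-byte `ret 4` stub, and the Winamp plugin gen_jumpex.dll, the only JMP target in the log that carries no vendor tag. Keep in mind that the "(Description/Vendor)" tag is only the file's version resource, which malware can copy from a legitimate binary, so an attributed owner is a triage hint, not proof; confirm the owner's digital signature or hash before ruling it out.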
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for advice... Trojan on 1 physical disk...

#10 Post by motji »

Good afternoon :)
Until my colleague arrives, allow me to step in :).

Do you have only one disk in the computer?

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop and run it
- a log named mbr.log will be created, paste it here
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here


I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

jirka12345
Visitor
Posts: 55
Registered: 19 Aug 2009 05:21

Re: Asking for advice... Trojan on 1 physical disk...

#11 Post by jirka12345 »

Hello to you too

I have 2 disks....

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for advice... Trojan on 1 physical disk...

#12 Post by motji »

:arrow: Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- :!: agree to the installation of the Recovery Console :!:

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antiviruses, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here


:arrow: I'd also ask for that log from Mbr.exe :), but only after ComboFix

jirka12345
Visitor
Posts: 55
Registered: 19 Aug 2009 05:21

Re: Asking for advice... Trojan on 1 physical disk...

#13 Post by jirka12345 »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x12a18ac1 size 0x1ac !
PE file found in sector at 0x012A18AC1 !

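Both the GMER "Disk sectors" line earlier in the thread and the mbr.exe output above report the same thing: a PE image sitting in a raw sector of the physical disk, outside the normal file system view. The check behind such a finding is simple to reproduce offline: parse the MBR partition table, walk the sectors the table does not claim, and flag any sector that starts with an MZ header whose e_lfanew points at a "PE\0\0" signature. The code below is an added example, not GMER's or mbr.exe's code and not from this thread; it runs against a constructed in-memory disk image with a 512-byte sector size and one NTFS-typed partition (all assumptions of the example). What it cannot reproduce is the "user & kernel MBR OK" step, where the real tool compares a user-mode read of sector 0 with a kernel-mode read to catch a rootkit filtering disk I/O; that comparison only works on the live system, and an offline image is trustworthy only if acquired from a clean boot environment.

```python
import struct

SECTOR = 512          # assumed sector size; 4K-native disks need 4096 here


def build_mbr(partitions):
    """Build a 512-byte MBR with up to four (type, start_lba, sector_count) entries.

    Constructed test data: CHS fields are filled with 0xFF, as modern tools do."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(partitions):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0x80 if i == 0 else 0x00, b"\xff\xff\xff",
                         ptype, b"\xff\xff\xff", start, count)
    mbr[510:512] = b"\x55\xaa"          # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as (type, start_lba, sector_count)."""
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        _status, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            "<B3sB3sII", mbr, 446 + 16 * i)
        if ptype != 0 and count != 0:
            parts.append((ptype, start, count))
    return parts


def build_pe_stub(tail=b"payload"):
    """Minimal MZ header whose e_lfanew points at a 'PE\\0\\0' signature.

    Constructed: just enough header to satisfy looks_like_pe(), not a real executable."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> right after the DOS header
    return bytes(hdr) + b"PE\x00\x00" + tail


def looks_like_pe(sector):
    """True if the sector begins with an MZ header whose e_lfanew lands on 'PE\\0\\0' in it."""
    if len(sector) < 0x40 or sector[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", sector, 0x3C)[0]
    return 0x40 <= e_lfanew <= len(sector) - 4 and sector[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def covered(lba, parts):
    """True if some partition entry claims this LBA."""
    return any(start <= lba < start + count for _t, start, count in parts)


def find_pe_outside_partitions(image, sector_size=SECTOR):
    """LBAs of PE-looking sectors that no MBR partition claims (sector 0 is the MBR)."""
    parts = parse_mbr(image[:sector_size])
    hits = []
    for lba in range(len(image) // sector_size):
        sec = image[lba * sector_size:(lba + 1) * sector_size]
        if looks_like_pe(sec) and not covered(lba, parts):
            hits.append(lba)
    return hits


def lba_to_offset(lba, sector_size=SECTOR):
    """Byte offset of a sector number, for cross-checking a report against the disk size."""
    return lba * sector_size


def build_sample_image(total_sectors=2000):
    """Constructed disk image: one partition at LBA 63..1062, PE stubs inside and outside it."""
    image = bytearray(total_sectors * SECTOR)
    image[:SECTOR] = build_mbr([(0x07, 63, 1000)])          # one NTFS-typed partition
    stub = build_pe_stub()
    image[100 * SECTOR:100 * SECTOR + len(stub)] = stub     # inside the partition: an ordinary file
    image[1500 * SECTOR:1500 * SECTOR + len(stub)] = stub   # unallocated space: suspicious
    image[1600 * SECTOR:1600 * SECTOR + 2] = b"MZ"          # stray 'MZ' with no PE header: ignored
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    for lba in find_pe_outside_partitions(img):
        print(f"PE file found in sector at 0x{lba:X} (byte offset {lba_to_offset(lba)})")
```

Only the stub at LBA 1500 is reported: the one at LBA 100 lies inside the partition, where executables legitimately live, and the lone "MZ" at LBA 1600 fails the e_lfanew check. For the report above, sector 0x12a18ac1 at 512-byte sectors is byte offset 0x12a18ac1 * 512, roughly 160 GB into the device, which is a useful sanity check against the size of the physical disk the report names.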
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for advice... Trojan on 1 physical disk...

#14 Post by motji »

Run ComboFix and let's get to it :)

jirka12345
Visitor
Posts: 55
Registered: 19 Aug 2009 05:21

Re: Asking for advice... Trojan on 1 physical disk...

#15 Post by jirka12345 »

I have to step out now, but I already have the log

ComboFix 10-04-19.04 - admin 20.04.2010 8:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.123 [GMT 2:00]
Running from: c:\documents and settings\admin\Plocha\ComboFix.exe
* Resident AV shield is enabled

.

((((((((((((((((((((((((( Files created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\system32\wbem\snmp
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\system32\xircom
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\system32\oobe
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\srchasst
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\msagent
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\program files\microsoft frontpage
2010-04-17 17:57 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 17:57 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 17:57 . 2010-04-17 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 18:44 . 2010-04-17 17:52 -------- d-----w- c:\program files\trend micro
2010-04-16 18:43 . 2010-04-16 18:44 -------- d-----w- C:\rsit
2010-04-14 12:32 . 2010-03-10 06:17 420352 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-04-10 14:33 . 2010-04-10 14:33 10 ----a-w- c:\windows\popcinfo.dat
2010-04-10 08:51 . 2010-04-10 08:51 -------- d-----w- c:\windows\system32\LogFiles
2010-04-10 08:49 . 2008-04-13 20:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-04-10 08:49 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-10 08:42 . 2010-04-10 08:42 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-06 22:59 . 2010-04-06 22:59 -------- d--h--w- c:\windows\PIF
2010-04-06 20:47 . 2010-04-06 20:47 -------- d-----w- c:\program files\TomTom International B.V
2010-04-06 20:46 . 2010-04-06 20:47 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-05 18:31 . 2010-04-05 18:31 -------- d-----w- c:\program files\4shared Desktop
2010-04-01 08:53 . 2010-04-01 08:53 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2010-03-31 09:56 . 2010-02-25 06:12 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-03-30 19:21 . 2010-03-30 19:21 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 14:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-30 07:39 . 2010-03-30 07:39 -------- d-----w- c:\program files\CBS Software
2010-03-28 12:39 . 2010-03-28 12:39 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 19:53 . 2010-03-04 10:17 -------- d-----w- c:\program files\CCleaner
2010-04-15 15:30 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 15:30 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 08:49 . 2010-04-10 08:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-10 08:49 . 2010-04-10 08:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-10 08:42 . 2010-04-10 08:42 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-10 08:42 . 2010-04-10 08:40 -------- d-----w- c:\program files\Nokia
2010-04-10 08:41 . 2010-04-10 08:41 -------- d-----w- c:\program files\DIFX
2010-04-10 08:40 . 2010-04-10 08:40 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-01 09:07 . 2010-03-04 11:15 -------- d-----w- c:\program files\Winamp
2010-03-30 19:20 . 2010-03-04 10:23 -------- d-----w- c:\program files\Java
2010-03-30 07:47 . 2010-03-04 10:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 15:29 . 2010-03-09 20:24 -------- d-----w- c:\program files\Anti Trojan Elite
2010-03-10 06:17 . 2009-06-04 00:30 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2010-03-04 10:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 13:32 . 2010-03-04 10:33 -------- d-----w- c:\program files\totalcmd
2010-03-05 11:58 . 2010-03-04 10:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-05 11:58 . 2010-03-04 10:00 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-05 11:57 . 2010-03-04 10:00 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-04 11:39 . 2010-03-04 11:36 -------- d-----w- c:\program files\Common Files\Nero
2010-03-04 11:36 . 2010-03-04 11:36 -------- d-----w- c:\program files\Nero
2010-03-04 11:25 . 2010-03-04 10:34 -------- d-----w- c:\program files\nLite
2010-03-04 11:22 . 2010-03-04 11:21 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-04 11:19 . 2010-03-04 11:19 0 ----a-w- c:\windows\nsreg.dat
2010-03-04 11:13 . 2010-03-04 11:13 -------- d-----w- c:\program files\VertrigoServ
2010-03-04 10:50 . 2010-03-04 10:50 -------- d-----w- c:\program files\Agnitum
2010-03-04 10:48 . 2010-03-04 10:48 -------- d-----w- c:\program files\MSECache
2010-03-04 10:44 . 2010-03-04 10:44 -------- d-----w- c:\program files\Microsoft Works
2010-03-04 10:43 . 2010-03-04 10:43 -------- d-----w- c:\program files\Microsoft.NET
2010-03-04 10:41 . 2010-03-04 10:41 -------- d-----w- c:\program files\ESET
2010-03-04 10:35 . 2010-03-04 10:35 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-04 10:33 . 2010-03-04 10:33 -------- d-----w- c:\program files\AV-Kodeky
2010-03-04 10:21 . 2010-03-04 10:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-04 10:20 . 2010-03-04 10:20 -------- d-----w- c:\program files\Opera
2010-03-04 10:17 . 2010-03-04 10:17 -------- d-----w- c:\program files\NWD2007
2010-03-04 10:17 . 2010-03-04 10:17 -------- d-----w- c:\program files\mpc
2010-03-04 10:17 . 2010-03-04 10:17 -------- d-----w- c:\program files\HD Tune
2010-03-04 10:07 . 2010-03-04 10:07 -------- d-----w- c:\program files\MSBuild
2010-03-04 10:07 . 2010-03-04 10:07 -------- d-----w- c:\program files\Reference Assemblies
2010-03-04 10:02 . 2010-03-04 10:02 -------- d-----w- c:\program files\MSXML 4.0
2010-03-04 09:58 . 2010-03-04 09:58 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-04 09:56 . 2010-03-04 09:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-25 06:12 . 2009-06-28 17:48 919040 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2009-05-05 07:07 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:02 . 2009-02-09 11:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:02 . 2009-05-05 07:07 2192256 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:29 . 2008-04-14 06:51 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2009-05-05 07:06 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 11:24 . 2010-03-04 11:21 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-02 11:18 . 2010-03-04 11:21 30024 ----a-w- c:\windows\system32\uxtuneup.dll
.

------- Sigcheck -------


[-] 2009-05-05 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys



c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-06-09 1227080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 17:52 33800]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [4.3.2010 13:02 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [4.3.2010 13:00 31128]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [4.3.2010 12:50 1268040]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [4.3.2010 13:02 33920]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest\kerneld.wnt [4.3.2010 12:34 26736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-20 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\o8nr1fdx.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 09:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-527237240-920026266-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,6c,b5,50,95,34,f0,4e,98,5f,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,6c,b5,50,95,34,f0,4e,98,5f,42,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\devldr32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-20 09:09:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-20 07:09

Před spuštěním: Volných bajtů: 17 616 830 464
Po spuštění: Volných bajtů: 18 324 377 600

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - 6ED7F5D3581C201EFB66BF52EA20278E
