Prosím o radu... Trojan v 1 fyzickém disku...

[jirka12345]

Děkuji za snahu já za chvíli přijdu...

[motji]

Já tu budu dnes často nakukovat
ted se mnou mějte trošku trpělivost, bude to trošku náročnější, musíme pomalu, at Vám nesmažeme nějaká data. Máte tam zbytek Mbr rootkita a budeme muset opravovat Mbr sektory .

Zazálohujte si důležitá data, pro jistotu


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Fixmbr::

Restore::
c:\windows\system32\drivers\tcpip.sys
c:\windows\System32\drivers\beep.sys
c:\windows\System32\wscntfy.exe
c:\windows\System32\regsvc.dll

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Který disk Je první fyzický a který druhý? Jak je máte rozdělené?
Máte na obou OS?


Stáhněte HxD http://mh-nexus.de/en/downloads.php?product=HxD
-uložte ho na plochu
-rozbalte ho a program uložte přímo na disk C
-spustte ho
-klikněte na otevřít disk - zvolte pevné disky(fyzické disky) (nepoplette to)
-vyberte pevný disk 1
-do nabídky napište, který sektor chcete otevřít, potvrdíte enter, a budete přímo v tom sektoru
-napište mi, co máte na sektoru 1-62
-podívejte se, v kterém sektoru je NTFS nebo NTDLR

Aby jste měl představu, co hledat, takto vypadá můj 60.sektor, měly by tak vypadat všechny od 1-62, ale Vy je tak mít pravděpodobně nebudete.

[jirka12345]

Mám 2 disky. Jeden je 160 a druhej 200. Ten první je rozdelen na 30 a 120. Jen na jednom mám operační systém. Už zálohuji.

[jirka12345]

ComboFix 10-04-20.01 - admin 21.04.2010 8:28.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.91 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\beep.sys . . . je infikován!!

c:\windows\system32\drivers\tcpip.sys . . . je infikován!!

c:\windows\System32\regsvc.dll . . . je infikován!!

c:\windows\System32\wscntfy.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 06:25 . 2009-04-01 19:47 1683968 ----a-w- C:\HxD.exe
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\system32\wbem\snmp
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\system32\xircom
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\system32\oobe
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\srchasst
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\windows\msagent
2010-04-20 07:06 . 2010-04-20 07:06 -------- d-----w- c:\program files\microsoft frontpage
2010-04-17 17:57 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 17:57 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 17:57 . 2010-04-17 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 18:44 . 2010-04-17 17:52 -------- d-----w- c:\program files\trend micro
2010-04-16 18:43 . 2010-04-16 18:44 -------- d-----w- C:\rsit
2010-04-14 12:32 . 2010-03-10 06:17 420352 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-04-10 14:33 . 2010-04-10 14:33 10 ----a-w- c:\windows\popcinfo.dat
2010-04-10 08:51 . 2010-04-10 08:51 -------- d-----w- c:\windows\system32\LogFiles
2010-04-10 08:49 . 2008-04-13 20:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-04-10 08:49 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-10 08:42 . 2010-04-10 08:42 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-06 22:59 . 2010-04-06 22:59 -------- d--h--w- c:\windows\PIF
2010-04-06 20:47 . 2010-04-06 20:47 -------- d-----w- c:\program files\TomTom International B.V
2010-04-06 20:46 . 2010-04-06 20:47 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-05 18:31 . 2010-04-05 18:31 -------- d-----w- c:\program files\4shared Desktop
2010-04-01 08:53 . 2010-04-01 08:53 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2010-03-31 09:56 . 2010-02-25 06:12 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-03-30 19:21 . 2010-03-30 19:21 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 14:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-30 07:39 . 2010-03-30 07:39 -------- d-----w- c:\program files\CBS Software
2010-03-28 12:39 . 2010-03-28 12:39 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 19:53 . 2010-03-04 10:17 -------- d-----w- c:\program files\CCleaner
2010-04-15 15:30 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 15:30 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 08:49 . 2010-04-10 08:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-10 08:49 . 2010-04-10 08:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-10 08:42 . 2010-04-10 08:42 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-10 08:42 . 2010-04-10 08:40 -------- d-----w- c:\program files\Nokia
2010-04-10 08:41 . 2010-04-10 08:41 -------- d-----w- c:\program files\DIFX
2010-04-10 08:40 . 2010-04-10 08:40 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-01 09:07 . 2010-03-04 11:15 -------- d-----w- c:\program files\Winamp
2010-03-30 19:20 . 2010-03-04 10:23 -------- d-----w- c:\program files\Java
2010-03-30 07:47 . 2010-03-04 10:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 15:29 . 2010-03-09 20:24 -------- d-----w- c:\program files\Anti Trojan Elite
2010-03-10 06:17 . 2009-06-04 00:30 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2010-03-04 10:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 13:32 . 2010-03-04 10:33 -------- d-----w- c:\program files\totalcmd
2010-03-05 11:58 . 2010-03-04 10:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-05 11:58 . 2010-03-04 10:00 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-05 11:57 . 2010-03-04 10:00 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-04 11:39 . 2010-03-04 11:36 -------- d-----w- c:\program files\Common Files\Nero
2010-03-04 11:36 . 2010-03-04 11:36 -------- d-----w- c:\program files\Nero
2010-03-04 11:25 . 2010-03-04 10:34 -------- d-----w- c:\program files\nLite
2010-03-04 11:22 . 2010-03-04 11:21 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-04 11:19 . 2010-03-04 11:19 0 ----a-w- c:\windows\nsreg.dat
2010-03-04 11:13 . 2010-03-04 11:13 -------- d-----w- c:\program files\VertrigoServ
2010-03-04 10:50 . 2010-03-04 10:50 -------- d-----w- c:\program files\Agnitum
2010-03-04 10:48 . 2010-03-04 10:48 -------- d-----w- c:\program files\MSECache
2010-03-04 10:44 . 2010-03-04 10:44 -------- d-----w- c:\program files\Microsoft Works
2010-03-04 10:43 . 2010-03-04 10:43 -------- d-----w- c:\program files\Microsoft.NET
2010-03-04 10:41 . 2010-03-04 10:41 -------- d-----w- c:\program files\ESET
2010-03-04 10:35 . 2010-03-04 10:35 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-04 10:33 . 2010-03-04 10:33 -------- d-----w- c:\program files\AV-Kodeky
2010-03-04 10:21 . 2010-03-04 10:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-04 10:20 . 2010-03-04 10:20 -------- d-----w- c:\program files\Opera
2010-03-04 10:17 . 2010-03-04 10:17 -------- d-----w- c:\program files\NWD2007
2010-03-04 10:17 . 2010-03-04 10:17 -------- d-----w- c:\program files\mpc
2010-03-04 10:17 . 2010-03-04 10:17 -------- d-----w- c:\program files\HD Tune
2010-03-04 10:07 . 2010-03-04 10:07 -------- d-----w- c:\program files\MSBuild
2010-03-04 10:07 . 2010-03-04 10:07 -------- d-----w- c:\program files\Reference Assemblies
2010-03-04 10:02 . 2010-03-04 10:02 -------- d-----w- c:\program files\MSXML 4.0
2010-03-04 09:58 . 2010-03-04 09:58 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-04 09:56 . 2010-03-04 09:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-25 06:12 . 2009-06-28 17:48 919040 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2009-05-05 07:07 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:02 . 2009-02-09 11:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:02 . 2009-05-05 07:07 2192256 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:29 . 2008-04-14 06:51 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2009-05-05 07:06 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 11:24 . 2010-03-04 11:21 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-02 11:18 . 2010-03-04 11:21 30024 ----a-w- c:\windows\system32\uxtuneup.dll
.

------- Sigcheck -------


[-] 2009-05-05 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys



c:\windows\System32\drivers\beep.sys ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2010-04-20_07.07.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-21 06:35 . 2010-04-21 06:35 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
+ 2010-04-21 05:37 . 2010-04-21 05:37 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-06-09 1227080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 17:52 33800]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [4.3.2010 13:02 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [4.3.2010 12:50 1268040]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 17:49 472320]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 13:21 1043784]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [4.3.2010 13:00 31128]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 14:00 3584]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [4.3.2010 13:02 33920]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest\kerneld.wnt [4.3.2010 12:34 26736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\o8nr1fdx.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 08:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-527237240-920026266-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,6c,b5,50,95,34,f0,4e,98,5f,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,6c,b5,50,95,34,f0,4e,98,5f,42,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\devldr32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-21 08:38:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-21 06:38
ComboFix2.txt 2010-04-20 07:09

Před spuštěním: Volných bajtů: 24 564 428 800
Po spuštění: Volných bajtů: 24 532 090 880

- - End Of File - - 25F81A5BF1A060CFE6BA5EA34CF686D7

[jirka12345]

Sectror 1, 32, 60, 61, 62, ale i pak dál něco obsahují... ( až po 69 to ukazuje cosi zmateného.) respektive není to to samé to co tam máte...

a ten ntfs je v 63 sectortu. a tohle je v 64 sectoru ..N.T.L.D.R...$.

[motji]

Můžete sem obsah těchto sektorů zkopírovat?
0, 1, 32, 60, 61, 62,63, 64
0. sektor se neopravuje, z něj se bootuje, od 63.sektoru jsou čísla také v pořádku, do toho chytat nebudeme .

Ještě Vás poprosím o log z Gmeru. jestli to dobře chápu, tak máte jen jeden OS.
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.


A já Vám mezitím seženu soubory, které Vám dle logu z combofixu chybí .
Oprava Mbr sektoru je trošku náročnější, budeme muset dělat kontrolní logy, tak se mnou mějte trpělivost

[jirka12345]

Ano mám jen jeden operační systém... Já bych to zformátoval ale to ten vir neodstarní... už jsem to několiktrát zkoušel.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-21 09:54:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\axtdapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x1ac

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAA65B8A0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

[jirka12345]

0 sec

3ŔŽĐĽ.|űP.P.üľ.|ż..PWąĺ.ó¤Ë˝ľ.±.8n.|.u..Ĺ.âôÍ.‹ő.Ć.It.8,tö µ.´.‹đ¬<.tü»..´.Í.ëň.N.čF.s*ţF.€~..t.€~..t. ¶.uŇ€F...F...V..č!.s. ¶.ëĽ.>ţ}UŞt.€~..tČ ·.ë©‹ü.W‹őËż..ŠV.´.Í.r#ŠÁ$?.ŠŢŠüC÷ă‹Ń†Ö±.ŇîB÷â9V.w#r.9F.s.¸..».|‹N.‹V.Í.sQOtN2äŠV.Í.ëäŠV.`»ŞU´AÍ.r6.űUŞu0öÁ.t+a`j.j.˙v.˙v.j.h.|j.j.´B‹ôÍ.aas.Ot.2äŠV.Í.ëÖaůĂNeplatn  tabulka oddˇl….Chyba pýi naźˇt nˇ operaźnˇho syst‚mu.Operaźnˇ syst‚m nenalezen..................................................,Dj.č.č..€....ţ˙˙?...rˇ©..ţ˙˙.ţ˙˙±ˇ©..é÷.................................UŞ

32 sec

ŘA ő......sq‚đĹ^/.Š/p.P8é˛8¦+.Ź;EâîsPúŚ..±#ÂŢg”d"YŃd_.J..äß©‡€$%ůą@ełż.ďír.“)ćŰJ\RÎ|Đ.tŻ7oV.6ďőí.Ć.D_|ő.o.||"çžÜ»ČĘ.\5Ő.ĘĺÍn0 ,_MˇÂ.•ąYÓ;*¦Oü—`m8°.Ď]_á.O:¬Ť;&.ž˛7~#ř±Ö.—‡:ş.ÇR.˙tÚB—÷č9|Ě6&(»ŞÚɢNhfÔ.î)j1kčŽŰ°"?^1ľM!SĚk.Ć!Ź.ĐgvÂh©‹.ű}MH“h•.Ň­ö.Üűâ.ŇŻŻű4/†Ű.Đć.‡.ów_éȬ-.ď„.ý¬ú€ś—2.Ş[[vÜt˛.†.Ç..we.-öńő..­r.ć®r‰Ĺ¨ş6.?ýZó>rĄ~ĐJ ó.§Ó–H¸§rÁç.Ćőăťög†nć|•ńÔ€-.uVŻ™őxą.śĹN:¶.v...ňg˝.|.'wo@k#lń.{xńůşUÎ9˘ć.S(§{.tkMü ¸‰wżĘä)j¬eű.Ö.Ô.ép>…#Ĺ‘'ç.§Ň?.ŇŁŐCM„“ť¬.7ĆŽ1®Q.H_.‘ô…Ţ”·ş•….ľ-w.Ěß:R´†ťFŮň¬pś8;q .´-`Ť..Î…ç.ś.SŮş…ç.ś....

60 sec

‹đ…Ŕśu..D$..`ü‹|$$.ç..đ˙°Ç®uý.?F4.@uő°ˇ®uý‹7‹6‹6‹^.‹ëC.;jKj.u÷€{.‰u..Ă.€{.čučŤ{.°č®uýf...„ŔuŘ‹.ŤT:.č....Xf.˙.@‰P.‰h.W‹u<‹t5P.őN.Î˙....î˙...‹ţ–ą€...óĄ_+Ç.č.«aťĂ.................................................................................................................................................................................................................................................................................................................................................................

61 sec

‹.$hxV4.‹.$hxV4.. ŔP%˙˙ţ˙."Ŕ+ĘX."Ŕ˙4$hbŕ.7č;...YYh«...j.˙Đ`č....^.Ć.‹řjjY󥱀Ťľ.ţ˙˙˙ŕ3Ŕa˙t$.˙T$.YZ`‡ÍčR...`‹l$(‹E<‹T.x.Ő‹J.‹Z .Ýă2I‹4‹.ő3˙ü3Ŕ¬:Ät.ÁĎ..řëň;|$$uá‹Z$.Ýf‹.K‹Z..Ý‹.‹.Ĺë.3Ŕ‰D$.aĂ[Uh¸t)…˙Ó3ŇRR‹ôR‹üč&...\.?.?.\.P.h.y.s.i.c.a.l.D.r.i.v.e.1...h$.&.‹ĚRRj@QRj.‹Ěj j.VQh...€W˙ĐUhbŕ.7˙Ó—Uh.Őü„˙Ó‰.h%...h.‚.C‹Ěj.Qą.X..QQj.˙×PV‹Î–3ŇRRR˙t$X˙.Uh_LÔÜ˙Ó˙t$@˙Đ‹F<.ĆP‹PPRRj.˙×—YW2ŔóŞ_X`‹HTó¤a+Ć.Ç.·H.Ť.ř...`.r..z.‹J.ă.ó¤a.Â(âěP`‹ţ‘ą.Ö..ó«aUh.ťHť˙Ó•V˙Ő‹t$.˙´$„...W‹F(.Ç˙Đ.Ŕ}.‹NPă.2ŔWóŞ_W˙Ő.Ä`3Ŕ‹ű.ď.ąś...óŞaÂ...........

62 sec

3ŔŽĐĽ.|űP.P.üľ.|ż..PWąĺ.ó¤Ë˝ľ.±.8n.|.u..Ĺ.âôÍ.‹ő.Ć.It.8,tö µ.´.‹đ¬<.tü»..´.Í.ëň.N.čF.s*ţF.€~..t.€~..t. ¶.uŇ€F...F...V..č!.s. ¶.ëĽ.>ţ}UŞt.€~..tČ ·.ë©‹ü.W‹őËż..ŠV.´.Í.r#ŠÁ$?.ŠŢŠüC÷ă‹Ń†Ö±.ŇîB÷â9V.w#r.9F.s.¸..».|‹N.‹V.Í.sQOtN2äŠV.Í.ëäŠV.`»ŞU´AÍ.r6.űUŞu0öÁ.t+a`j.j.˙v.˙v.j.h.|j.j.´B‹ôÍ.aas.Ot.2äŠV.Í.ëÖaůĂNeplatn  tabulka oddˇl….Chyba pýi naźˇt nˇ operaźnˇho syst‚mu.Operaźnˇ syst‚m nenalezen..................................................,Dj.č.č..€....ţ˙˙?...’ď=...Á˙.ţ˙˙Ńď=.đšc.................................UŞ

63 sec

ëR.NTFS ..........ř..?.˙.?.......€.€.qˇ©..............š:.....ö.......H…Ěü§Ěü”....ú3ŔŽĐĽ.|ű¸Ŕ.ŽŘč..¸..ŽŔ3ŰĆ....čS.h..hj.ËŠ.$.´.Í.s.ą˙˙Šńf.¶Ć@f.¶Ń€â?÷â†ÍŔí.Af.·Éf÷áfŁ .Ă´A»ŞUŠ.$.Í.r..űUŞu.öÁ.t.ţ...Ăf`..fˇ..f....f;. ..‚:..fj.fP.Sfh....€>....…..čł˙€>....„a.´BŠ.$...‹ôÍ.fX[.fXfX.ë-f3Ňf.·...f÷ńţŠĘf‹ĐfÁę.÷6..†ÖŠ.$.ŠčŔä..̸..Í..‚..ŚŔ. .ŽŔf˙...˙....…o˙..faĂ ř.č.. ű.č..űëţ´.‹đ¬<.t.´.»..Í.ëňĂ..Chyba źtenˇ disku...NTLDR nenalezen...NTLDR komprimov n....Restartujte stisknutˇm kl ves Ctrl+Alt+Del...............—©ľ..UŞ

64 sec

..N.T.L.D.R...$.I.3.0..ŕ...0..........................................................ë...................ŚČŽŘÁŕ.ú‹ŕűč.ţf.·...f.¶...f÷ăfŁN.f‹.@.€ů..Ź..öŮf¸....fÓŕë..fˇN.f÷áfŁR.f.·...f3Ňf÷ófŁV.čq.f‹.J.f‰.".f..R.f‰.&.f..R.f‰.*.f..R.f‰.:.f..R.f‰.B.f¸....f‹.".č_.f.Ŕ.„WţfŁ..f¸ ...f‹.&.čF.fŁ2.f¸°...f‹.*.č4.fŁ6.fˇ..f.Ŕ.„$ţg€x...….ţgfŤP.g.B.gf.¶H.f‰.b.gf‹H.f‰.^.fˇ^.f.·...f3Ňf÷ńfŁf.fˇB.f..^.fŁF.f.>2...„..f.>6...„Čýf‹.6...f‹>F.fˇ*.čĽ.f.·...f¸....čţ.f.Ŕ.„¨.gf‹...f‹>:.č1.fˇ:.f» ...fą....fş....čÖ.f…Ŕ.…#.fˇ:.f»€...fą....

[motji]

Já bych to zformátoval ale to ten vir neodstarní... už jsem to několiktrát zkoušel.

Vy jste už několikrát formátoval disk a Eset vir pořád hlásí? Formátek by se mohl odstranit, ale museli by se zrušit oddíly a zformátovat celý disk. A ani to není zaručeno. Až to vyčistíme, změnte si všude hesla
1.fyzický disk je disk C,že?
Na jiném disku nehlásí Eset nic?


Ty výpisy ze sektorů jsou nějaké divné, to jste dal to co je na boku? Počkejte chviličku, udělám screen

[jirka12345]

Ano to je to co je na boku... Nevím jak bych to sem jinak hodil.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-21 10:10:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\axtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAA675A60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAA65ABF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAA677920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA656F60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xAA662090]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAA66E2B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAA66EBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAA655D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAA661E40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xAA66CD70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAA67AF30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAA660B20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xAA663900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xAA66A3A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAA66BBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAA6616B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAA659C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAA662FC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xAA670CA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAA656580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xAA670060]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xAA676DA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAA65B8A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAA665750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAA665FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAA674ED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAA669590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xAA667500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAA679A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAA679D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xAA668D20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAA667C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAA6684D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAA678480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xAA674440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAA67B520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAA65CBF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAA66B1C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xAA666820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAA673190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAA673AC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAA67A770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xAA671790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xAA672620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAA66C530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAA6762B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, 31, 67, AA, C0, 3A, 67, ...] {NOP ; XOR [EDI-0x56], ESP; SAR BYTE [EDX], 0x67; STOSB ; JO 0xffffffffffffffb1; STOS BYTE [DI]}
? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7F4C000, 0x1C5D58, 0xE8000020]
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[348] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[564] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 005A3D04 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[564] kernel32.dll!LoadResource 7C80A055 5 Bytes JMP 005A39E0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[564] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 005A3C80 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[564] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005A3CD8 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[564] user32.dll!EnableWindow 7E379849 5 Bytes JMP 0172A44C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[564] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005A3CAC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 00532B64 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AA66B190] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AA658130] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x1ac

---- EOF - GMER 1.0.15 ----

[jirka12345]

a ten formát jsem provedl už několikrát na obou discích smazal jsem je a i odstranil oddíly a pořád vir... Já tam mám někde vidět helsa?

ano fyzický disk je c ale i d... je to jeden disk rozdělenej na dva

tak jestli bude jednoduší udělat formát tak já ho provedu... zruším oddíly naformátuji celej disk a pak znovu nainstaluji xp? co vy na to?

[motji]

Takže musíte to celé označit, celý ten sektor, pak kliknete pravým tlačítkem myši a kopírovat. Mě to tak šlo.


Ne, hesla v logu nevidím , ale Mbr rootkit je krade, stejně tak i různá data z počítače. Proto počítač pak ještě proskenujeme Avptoolem.

[jirka12345]

a už je i cosi na 10 sec


0 sec

33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 6A 09 E8 09 E8 00 00 80 01 01 00 07 FE FF FF 3F 00 00 00 72 A1 A9 03 00 FE FF FF 0F FE FF FF B1 A1 A9 03 10 E9 F7 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

10 sec

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 96 C4 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


32 sec

D8 41 A0 F5 02 00 02 00 88 16 73 71 82 F0 C5 5E 2F 1D 8A 2F 70 1C 50 38 E9 B2 38 A6 2B 81 8F 3B 45 E2 EE 73 50 FA 8C 98 0F B1 23 C2 DE 67 94 64 22 59 D1 64 5F 0F 4A 01 88 E4 DF A9 87 80 24 25 F9 B9 40 65 B3 BF 90 EF ED 72 15 93 29 E6 DB 4A 5C 52 CE 7C D0 07 74 AF 37 6F 56 11 36 EF F5 ED 1E C6 15 44 5F 7C F5 0C 6F 04 7C 7C 22 E7 9E DC BB C8 CA 16 5C 35 D5 1A CA E5 CD 6E 30 A0 2C 5F 4D A1 C2 09 95 B9 59 D3 3B 2A A6 4F FC 97 60 6D 38 B0 83 CF 5D 5F E1 12 4F 3A AC 8D 3B 26 1D 9E B2 37 7E 23 F8 B1 D6 0F 97 87 3A BA 18 C7 52 10 FF 74 DA 42 97 F7 E8 39 7C CC 36 26 28 BB AA DA C9 A2 4E 68 66 D4 2E EE 29 6A 31 6B E8 8E DB B0 22 3F 5E 31 BE 4D 21 53 CC 6B 1E C6 21 8F 00 D0 67 76 C2 68 A9 8B 07 FB 7D 4D 48 93 68 95 04 D2 AD F6 14 DC FB E2 16 D2 AF AF FB 34 2F 86 DB 0A D0 E6 07 87 11 F3 77 5F E9 C8 AC 2D 01 EF 84 81 FD AC FA 80 9C 97 32 00 AA 5B 5B 76 DC 74 B2 88 86 08 C7 19 88 77 65 0D 2D F6 F1 F5 15 10 AD 72 11 E6 AE 72 89 C5 A8 BA 36 0A 3F FD 5A F3 3E 72 A5 7E D0 4A 20 F3 1B A7 D3 96 48 B8 A7 72 C1 E7 02 C6 F5 E3 9D F6 67 86 6E E6 7C 95 F1 D4 80 2D 16 75 56 AF 99 F5 78 B9 11 9C C5 4E 3A B6 1E 76 2E 19 02 F2 67 BD 18 7C 2E 27 77 6F 40 6B 23 6C F1 16 7B 78 F1 F9 BA 55 CE 39 A2 E6 90 53 28 A7 7B 11 74 6B 4D FC A0 B8 89 77 BF CA E4 29 6A AC 65 FB 0D D6 19 D4 10 E9 70 3E 85 23 C5 91 27 E7 0F A7 D2 3F 1A D2 A3 D5 43 4D 84 93 9D AC 04 37 C6 8E 31 AE 51 0F 48 5F 19 91 F4 85 DE 94 B7 BA 95 85 1B BE 2D 77 98 CC DF 3A 52 B4 86 9D 46 D9 F2 AC 70 9C 38 3B 71 A0 1D B4 2D 60 8D 98 1C CE 85 E7 14 9C 15 53 D9 BA 85 E7 14 9C 00 00 00 00



60 sec

8B F0 85 C0 9C 75 05 83 44 24 04 00 60 FC 8B 7C 24 24 81 E7 00 00 F0 FF B0 C7 AE 75 FD 81 3F 46 34 00 40 75 F5 B0 A1 AE 75 FD 8B 37 8B 36 8B 36 8B 5E 18 8B EB 43 81 3B 6A 4B 6A 19 75 F7 80 7B 04 89 75 03 83 C3 06 80 7B 04 E8 75 E8 8D 7B 09 B0 E8 AE 75 FD 66 81 7F 04 84 C0 75 D8 8B 17 8D 54 3A 04 E8 00 00 00 00 58 66 0D FF 01 40 89 50 04 89 68 0C 57 8B 75 3C 8B 74 35 50 03 F5 4E 81 CE FF 0F 00 00 81 EE FF 01 00 00 8B FE 96 B9 80 00 00 00 F3 A5 5F 2B C7 83 E8 04 AB 61 9D C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


61 sec

8B 14 24 68 78 56 34 12 8B 0C 24 68 78 56 34 12 0F 20 C0 50 25 FF FF FE FF 0F 22 C0 2B CA 58 0F 22 C0 FF 34 24 68 62 E0 07 37 E8 3B 00 00 00 59 59 68 AB 01 00 00 6A 00 FF D0 60 E8 00 00 00 00 5E 83 C6 15 8B F8 6A 6A 59 F3 A5 B1 80 8D BE 00 FE FF FF FF E0 33 C0 61 FF 74 24 0C FF 54 24 08 59 5A 60 87 CD E8 52 00 00 00 60 8B 6C 24 28 8B 45 3C 8B 54 05 78 03 D5 8B 4A 18 8B 5A 20 03 DD E3 32 49 8B 34 8B 03 F5 33 FF FC 33 C0 AC 3A C4 74 07 C1 CF 0D 03 F8 EB F2 3B 7C 24 24 75 E1 8B 5A 24 03 DD 66 8B 0C 4B 8B 5A 1C 03 DD 8B 04 8B 03 C5 EB 02 33 C0 89 44 24 1C 61 C3 5B 55 68 B8 74 29 85 FF D3 33 D2 52 52 8B F4 52 8B FC E8 26 00 00 00 5C 00 3F 00 3F 00 5C 00 50 00 68 00 79 00 73 00 69 00 63 00 61 00 6C 00 44 00 72 00 69 00 76 00 65 00 31 00 00 00 68 24 00 26 00 8B CC 52 52 6A 40 51 52 6A 18 8B CC 6A 20 6A 03 56 51 68 00 00 10 80 57 FF D0 55 68 62 E0 07 37 FF D3 97 55 68 16 D5 FC 84 FF D3 89 06 68 25 00 00 00 68 00 82 15 43 8B CC 6A 00 51 B9 00 58 03 00 51 51 6A 00 FF D7 50 56 8B CE 96 33 D2 52 52 52 FF 74 24 58 FF 11 55 68 5F 4C D4 DC FF D3 FF 74 24 40 FF D0 8B 46 3C 03 C6 50 8B 50 50 52 52 6A 00 FF D7 97 59 57 32 C0 F3 AA 5F 58 60 8B 48 54 F3 A4 61 2B C6 03 C7 0F B7 48 06 8D 90 F8 00 00 00 60 03 72 14 03 7A 0C 8B 4A 10 E3 02 F3 A4 61 83 C2 28 E2 EC 50 60 8B FE 91 B9 00 D6 00 00 F3 AB 61 55 68 1F 9D 48 9D FF D3 95 56 FF D5 8B 74 24 08 FF B4 24 84 00 00 00 57 8B 46 28 03 C7 FF D0 0B C0 7D 0E 8B 4E 50 E3 09 32 C0 57 F3 AA 5F 57 FF D5 83 C4 60 33 C0 8B FB 83 EF 15 B9 9C 01 00 00 F3 AA 61 C2 04 00 00 00 00 00 00 00 00 00 00


62 sec

33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 6A 09 E8 09 E8 00 00 80 01 01 00 07 FE FF FF 3F 00 00 00 92 EF 3D 01 00 00 C1 FF 0F FE FF FF D1 EF 3D 01 F0 9A 63 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA


63 sec

EB 52 90 4E 54 46 53 20 20 20 20 00 02 08 00 00 00 00 00 00 00 F8 00 00 3F 00 FF 00 3F 00 00 00 00 00 00 00 80 00 80 00 71 A1 A9 03 00 00 00 00 00 00 0C 00 00 00 00 00 17 9A 3A 00 00 00 00 00 F6 00 00 00 01 00 00 00 48 85 CC FC A7 CC FC 94 00 00 00 00 FA 33 C0 8E D0 BC 00 7C FB B8 C0 07 8E D8 E8 16 00 B8 00 0D 8E C0 33 DB C6 06 0E 00 10 E8 53 00 68 00 0D 68 6A 02 CB 8A 16 24 00 B4 08 CD 13 73 05 B9 FF FF 8A F1 66 0F B6 C6 40 66 0F B6 D1 80 E2 3F F7 E2 86 CD C0 ED 06 41 66 0F B7 C9 66 F7 E1 66 A3 20 00 C3 B4 41 BB AA 55 8A 16 24 00 CD 13 72 0F 81 FB 55 AA 75 09 F6 C1 01 74 04 FE 06 14 00 C3 66 60 1E 06 66 A1 10 00 66 03 06 1C 00 66 3B 06 20 00 0F 82 3A 00 1E 66 6A 00 66 50 06 53 66 68 10 00 01 00 80 3E 14 00 00 0F 85 0C 00 E8 B3 FF 80 3E 14 00 00 0F 84 61 00 B4 42 8A 16 24 00 16 1F 8B F4 CD 13 66 58 5B 07 66 58 66 58 1F EB 2D 66 33 D2 66 0F B7 0E 18 00 66 F7 F1 FE C2 8A CA 66 8B D0 66 C1 EA 10 F7 36 1A 00 86 D6 8A 16 24 00 8A E8 C0 E4 06 0A CC B8 01 02 CD 13 0F 82 19 00 8C C0 05 20 00 8E C0 66 FF 06 10 00 FF 0E 0E 00 0F 85 6F FF 07 1F 66 61 C3 A0 F8 01 E8 09 00 A0 FB 01 E8 03 00 FB EB FE B4 01 8B F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3 0D 0A 43 68 79 62 61 20 9F 74 65 6E A1 20 64 69 73 6B 75 00 0D 0A 4E 54 4C 44 52 20 6E 65 6E 61 6C 65 7A 65 6E 00 0D 0A 4E 54 4C 44 52 20 6B 6F 6D 70 72 69 6D 6F 76 A0 6E 2E 00 0D 0A 52 65 73 74 61 72 74 75 6A 74 65 20 73 74 69 73 6B 6E 75 74 A1 6D 20 6B 6C A0 76 65 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 2E 0D 0A 00 00 00 00 00 00 00 00 00 00 00 83 97 A9 BE 00 00 55 AA


64 sec

05 00 4E 00 54 00 4C 00 44 00 52 00 04 00 24 00 49 00 33 00 30 00 00 E0 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EB 12 90 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8C C8 8E D8 C1 E0 04 FA 8B E0 FB E8 03 FE 66 0F B7 06 0B 00 66 0F B6 1E 0D 00 66 F7 E3 66 A3 4E 02 66 8B 0E 40 00 80 F9 00 0F 8F 0E 00 F6 D9 66 B8 01 00 00 00 66 D3 E0 EB 08 90 66 A1 4E 02 66 F7 E1 66 A3 52 02 66 0F B7 1E 0B 00 66 33 D2 66 F7 F3 66 A3 56 02 E8 71 04 66 8B 0E 4A 02 66 89 0E 22 02 66 03 0E 52 02 66 89 0E 26 02 66 03 0E 52 02 66 89 0E 2A 02 66 03 0E 52 02 66 89 0E 3A 02 66 03 0E 52 02 66 89 0E 42 02 66 B8 90 00 00 00 66 8B 0E 22 02 E8 5F 09 66 0B C0 0F 84 57 FE 66 A3 2E 02 66 B8 A0 00 00 00 66 8B 0E 26 02 E8 46 09 66 A3 32 02 66 B8 B0 00 00 00 66 8B 0E 2A 02 E8 34 09 66 A3 36 02 66 A1 2E 02 66 0B C0 0F 84 24 FE 67 80 78 08 00 0F 85 1B FE 67 66 8D 50 10 67 03 42 04 67 66 0F B6 48 0C 66 89 0E 62 02 67 66 8B 48 08 66 89 0E 5E 02 66 A1 5E 02 66 0F B7 0E 0B 00 66 33 D2 66 F7 F1 66 A3 66 02 66 A1 42 02 66 03 06 5E 02 66 A3 46 02 66 83 3E 32 02 00 0F 84 1D 00 66 83 3E 36 02 00 0F 84 C8 FD 66 8B 1E 36 02 1E 07 66 8B 3E 46 02 66 A1 2A 02 E8 BC 01 66 0F B7 0E 00 02 66 B8 02 02 00 00 E8 FE 07 66 0B C0 0F 84 A8 09 67 66 8B 00 1E 07 66 8B 3E 3A 02 E8 31 06 66 A1 3A 02 66 BB 20 00 00 00 66 B9 00 00 00 00 66 BA 00 00 00 00 E8 D6 00 66 85 C0 0F 85 23 00 66 A1 3A 02 66 BB 80 00 00 00 66 B9 00 00 00 00

[motji]

Můžete se ještě prosím podívat na druhý fyzický disk?
Zajímají mě sektory 0-64

[jirka12345]

0 sec

FA 33 DB 8E D3 36 89 26 FE 7B BC FE 7B 1E 66 60 FC 8E DB BE 13 04 83 2C 02 AD C1 E0 06 8E C0 BE 00 7C 33 FF B9 00 01 F3 A5 B8 02 02 B1 3D BA 80 00 8B DF CD 13 33 DB 90 90 90 90 90 66 8B 47 4C C7 47 4C 6B 00 66 26 A3 78 00 8C 47 4E 06 68 52 00 CB FB 8E C3 B8 01 02 B9 3F 00 BA 80 00 B7 7C CD 13 66 61 1F 5C EA 00 7C 00 00 9C 80 FC 42 74 0B 80 FC 02 74 06 9D EA 00 00 00 00 2E 88 26 95 00 9D 9C 2E FF 1E 78 00 0F 82 9E 00 9C FA 06 66 60 FC B4 00 B5 00 80 FD 42 75 04 AD AD C4 1C 85 C0 75 01 40 8B C8 C1 E1 09 B0 8B 8B FB 60 F2 AE 75 48 90 66 26 81 3D F0 85 F6 74 75 F1 26 81 7D 05 80 3D 75 E9 26 8A 45 04 3C 21 74 04 3C 22 75 DD BE 0B 02 2E 80 3C 00 75 20 2E 88 04 26 C7 45 FF FF 15 66 8C C8 66 C1 E0 04 05 00 02 66 2E A3 FC 01 2D 04 00 66 26 89 45 01 61 B0 83 F2 AE 75 25 66 26 81 3D C4 02 E9 00 75 F2 66 26 81 7D 04 00 E9 FD FF 75 E7 66 26 C7 45 FC 90 90 90 83 26 83 65 06 00 EB D7 66 61 07 9D CA 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 6A 51 CA 51 CA 00 00 00 00 01 01 0F FE FF FF C1 3E 00 00 00 9F 49 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 sec


60 sec

8B F0 85 C0 9C 75 05 83 44 24 04 00 60 FC 8B 7C 24 24 81 E7 00 00 F0 FF B0 C7 AE 75 FD 81 3F 46 34 00 40 75 F5 B0 A1 AE 75 FD 8B 37 8B 36 8B 36 8B 5E 18 8B EB 43 81 3B 6A 4B 6A 19 75 F7 80 7B 04 89 75 03 83 C3 06 80 7B 04 E8 75 E8 8D 7B 09 B0 E8 AE 75 FD 66 81 7F 04 84 C0 75 D8 8B 17 8D 54 3A 04 E8 00 00 00 00 58 66 0D FF 01 40 89 50 04 89 68 0C 57 8B 75 3C 8B 74 35 50 03 F5 4E 81 CE FF 0F 00 00 81 EE FF 01 00 00 8B FE 96 B9 80 00 00 00 F3 A5 5F 2B C7 83 E8 04 AB 61 9D C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


61 sec

8B 14 24 68 78 56 34 12 8B 0C 24 68 78 56 34 12 0F 20 C0 50 25 FF FF FE FF 0F 22 C0 2B CA 58 0F 22 C0 FF 34 24 68 62 E0 07 37 E8 3B 00 00 00 59 59 68 AB 01 00 00 6A 00 FF D0 60 E8 00 00 00 00 5E 83 C6 15 8B F8 6A 6A 59 F3 A5 B1 80 8D BE 00 FE FF FF FF E0 33 C0 61 FF 74 24 0C FF 54 24 08 59 5A 60 87 CD E8 52 00 00 00 60 8B 6C 24 28 8B 45 3C 8B 54 05 78 03 D5 8B 4A 18 8B 5A 20 03 DD E3 32 49 8B 34 8B 03 F5 33 FF FC 33 C0 AC 3A C4 74 07 C1 CF 0D 03 F8 EB F2 3B 7C 24 24 75 E1 8B 5A 24 03 DD 66 8B 0C 4B 8B 5A 1C 03 DD 8B 04 8B 03 C5 EB 02 33 C0 89 44 24 1C 61 C3 5B 55 68 B8 74 29 85 FF D3 33 D2 52 52 8B F4 52 8B FC E8 26 00 00 00 5C 00 3F 00 3F 00 5C 00 50 00 68 00 79 00 73 00 69 00 63 00 61 00 6C 00 44 00 72 00 69 00 76 00 65 00 30 00 00 00 68 24 00 26 00 8B CC 52 52 6A 40 51 52 6A 18 8B CC 6A 20 6A 03 56 51 68 00 00 10 80 57 FF D0 55 68 62 E0 07 37 FF D3 97 55 68 16 D5 FC 84 FF D3 89 06 68 2E 00 00 00 68 00 82 BB 93 8B CC 6A 00 51 B9 00 58 03 00 51 51 6A 00 FF D7 50 56 8B CE 96 33 D2 52 52 52 FF 74 24 58 FF 11 55 68 5F 4C D4 DC FF D3 FF 74 24 40 FF D0 8B 46 3C 03 C6 50 8B 50 50 52 52 6A 00 FF D7 97 59 57 32 C0 F3 AA 5F 58 60 8B 48 54 F3 A4 61 2B C6 03 C7 0F B7 48 06 8D 90 F8 00 00 00 60 03 72 14 03 7A 0C 8B 4A 10 E3 02 F3 A4 61 83 C2 28 E2 EC 50 60 8B FE 91 B9 00 D6 00 00 F3 AB 61 55 68 1F 9D 48 9D FF D3 95 56 FF D5 8B 74 24 08 FF B4 24 84 00 00 00 57 8B 46 28 03 C7 FF D0 0B C0 7D 0E 8B 4E 50 E3 09 32 C0 57 F3 AA 5F 57 FF D5 83 C4 60 33 C0 8B FB 83 EF 15 B9 9C 01 00 00 F3 AA 61 C2 04 00 00 00 00 00 00 00 00 00 00


62 sec

33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 6A 51 CA 51 CA 00 00 00 00 01 01 0F FE FF FF C1 3E 00 00 00 9F 49 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA



63 sec

EB 52 90 4E 54 46 53 20 20 20 20 00 02 08 00 00 00 00 00 00 00 F8 00 00 3F 00 FF 00 3F 00 00 00 00 00 00 00 80 00 80 00 81 DD 49 17 00 00 00 00 00 00 0C 00 00 00 00 00 D8 9D 74 01 00 00 00 00 F6 00 00 00 01 00 00 00 FF B7 12 34 C5 12 34 C6 00 00 00 00 FA 33 C0 8E D0 BC 00 7C FB B8 C0 07 8E D8 E8 16 00 B8 00 0D 8E C0 33 DB C6 06 0E 00 10 E8 53 00 68 00 0D 68 6A 02 CB 8A 16 24 00 B4 08 CD 13 73 05 B9 FF FF 8A F1 66 0F B6 C6 40 66 0F B6 D1 80 E2 3F F7 E2 86 CD C0 ED 06 41 66 0F B7 C9 66 F7 E1 66 A3 20 00 C3 B4 41 BB AA 55 8A 16 24 00 CD 13 72 0F 81 FB 55 AA 75 09 F6 C1 01 74 04 FE 06 14 00 C3 66 60 1E 06 66 A1 10 00 66 03 06 1C 00 66 3B 06 20 00 0F 82 3A 00 1E 66 6A 00 66 50 06 53 66 68 10 00 01 00 80 3E 14 00 00 0F 85 0C 00 E8 B3 FF 80 3E 14 00 00 0F 84 61 00 B4 42 8A 16 24 00 16 1F 8B F4 CD 13 66 58 5B 07 66 58 66 58 1F EB 2D 66 33 D2 66 0F B7 0E 18 00 66 F7 F1 FE C2 8A CA 66 8B D0 66 C1 EA 10 F7 36 1A 00 86 D6 8A 16 24 00 8A E8 C0 E4 06 0A CC B8 01 02 CD 13 0F 82 19 00 8C C0 05 20 00 8E C0 66 FF 06 10 00 FF 0E 0E 00 0F 85 6F FF 07 1F 66 61 C3 A0 F8 01 E8 09 00 A0 FB 01 E8 03 00 FB EB FE B4 01 8B F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3 0D 0A 43 68 79 62 61 20 9F 74 65 6E A1 20 64 69 73 6B 75 00 0D 0A 4E 54 4C 44 52 20 6E 65 6E 61 6C 65 7A 65 6E 00 0D 0A 4E 54 4C 44 52 20 6B 6F 6D 70 72 69 6D 6F 76 A0 6E 00 0D 0A 52 65 73 74 61 72 74 75 6A 74 65 20 73 74 69 73 6B 6E 75 74 A1 6D 20 6B 6C A0 76 65 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 0D 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 83 97 A9 BD 00 00 55 AA



64 sec

05 00 4E 00 54 00 4C 00 44 00 52 00 04 00 24 00 49 00 33 00 30 00 00 E0 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EB 12 90 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8C C8 8E D8 C1 E0 04 FA 8B E0 FB E8 03 FE 66 0F B7 06 0B 00 66 0F B6 1E 0D 00 66 F7 E3 66 A3 4E 02 66 8B 0E 40 00 80 F9 00 0F 8F 0E 00 F6 D9 66 B8 01 00 00 00 66 D3 E0 EB 08 90 66 A1 4E 02 66 F7 E1 66 A3 52 02 66 0F B7 1E 0B 00 66 33 D2 66 F7 F3 66 A3 56 02 E8 71 04 66 8B 0E 4A 02 66 89 0E 22 02 66 03 0E 52 02 66 89 0E 26 02 66 03 0E 52 02 66 89 0E 2A 02 66 03 0E 52 02 66 89 0E 3A 02 66 03 0E 52 02 66 89 0E 42 02 66 B8 90 00 00 00 66 8B 0E 22 02 E8 5F 09 66 0B C0 0F 84 57 FE 66 A3 2E 02 66 B8 A0 00 00 00 66 8B 0E 26 02 E8 46 09 66 A3 32 02 66 B8 B0 00 00 00 66 8B 0E 2A 02 E8 34 09 66 A3 36 02 66 A1 2E 02 66 0B C0 0F 84 24 FE 67 80 78 08 00 0F 85 1B FE 67 66 8D 50 10 67 03 42 04 67 66 0F B6 48 0C 66 89 0E 62 02 67 66 8B 48 08 66 89 0E 5E 02 66 A1 5E 02 66 0F B7 0E 0B 00 66 33 D2 66 F7 F1 66 A3 66 02 66 A1 42 02 66 03 06 5E 02 66 A3 46 02 66 83 3E 32 02 00 0F 84 1D 00 66 83 3E 36 02 00 0F 84 C8 FD 66 8B 1E 36 02 1E 07 66 8B 3E 46 02 66 A1 2A 02 E8 BC 01 66 0F B7 0E 00 02 66 B8 02 02 00 00 E8 FE 07 66 0B C0 0F 84 A8 09 67 66 8B 00 1E 07 66 8B 3E 3A 02 E8 31 06 66 A1 3A 02 66 BB 20 00 00 00 66 B9 00 00 00 00 66 BA 00 00 00 00 E8 D6 00 66 85 C0 0F 85 23 00 66 A1 3A 02 66 BB 80 00 00 00 66 B9 00 00 00 00