Wget http://www.stahuj.centrum.cz/internet_a ... zery/wget/
O něm hlásil firewall.
Nerozumím. wget nemám ani v instalovaných programech, průzkumník ho na počítači taky nenašel. Avira se prý aktualizuje, ale mizí mi z lišty, nešlape WebGuard ani MailGuard a při startu centrum zabezpečení hlásí vypnutý antivir, i když nabíhá hned ze začátku.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Avira Premium neaktualizuje soubory, Outpostu se nelíbí IGMP
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
UltraISO vytváří taky virtuální mechaniky?
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Přiznám se, že nevím. vytváří Vám ten program virutální mechaniku? Pokud ne, tak ho odinstalovat nemusíte.
wget - to Vám hlásil firewall. Zatím tzo nechejte být, pokud by firewall znovu hlásil, dejte vědět.
wget - to Vám hlásil firewall. Zatím tzo nechejte být, pokud by firewall znovu hlásil, dejte vědět.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Log z defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:51 on 01/08/2010 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:51 on 01/08/2010 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
GMER 1. log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-01 14:21:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwacypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xBA635AB0]
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-01 14:21:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwacypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xBA635AB0]
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- EOF - GMER 1.0.15 ----
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
GMER 2. log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 14:43:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwacypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xBA64FC70]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xBA634C90]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xBA653390]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xBA631000]
SSDT F8FBE166 ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xBA6484C0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xBA648DC0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xBA62FDB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xBA63C050]
SSDT F8FBE15C ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xBA656E20]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xBA63AD30]
SSDT F8FBE16B ZwDeleteKey
SSDT F8FBE175 ZwDeleteValueKey
SSDT F8FBE193 ZwLoadDriver
SSDT F8FBE17A ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xBA63B8C0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xBA633CB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xBA63D1D0]
SSDT F8FBE148 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xBA630620]
SSDT F8FBE14D ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xBA650FB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xBA635AB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xBA63F960]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xBA6401B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xBA64F0E0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xBA6437A0]
SSDT F8FBE184 ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xBA655630]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xBA655950]
SSDT F8FBE17F ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xBA641E90]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xBA6426E0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xBA653F70]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xBA64E650]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xBA657410]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xBA636E00]
SSDT F8FBE198 ZwSetSystemInformation
SSDT F8FBE170 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xBA64D3A0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xBA64DCD0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xBA656660]
SSDT F8FBE157 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xBA64C830]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xBA646740]
SSDT F8FBE152 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 130 804E279C 2 Bytes [20, 6E]
.text ntoskrnl.exe!_abnormal_termination + 133 804E279F 1 Byte [BA]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 2 Bytes [A0, 37]
.text ntoskrnl.exe!_abnormal_termination + 34F 804E29BB 5 Bytes [BA, 84, E1, FB, F8] {MOV EDX, 0xf8fbe184}
.text ntoskrnl.exe!_abnormal_termination + 388 804E29F4 2 Bytes [90, 1E] {NOP ; PUSH DS}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[2828] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 005424CC C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005C122C C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 005C1168 C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005C1200 C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] USER32.dll!EnableWindow 7E379849 5 Bytes JMP 0129174C C:\Program Files\Agnitum\Outpost Firewall Pro\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005C11D4 C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [BA6453A0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [BA6321D0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Administrator\My Private Folder\Image.jpg 126022 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Image.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0812.JPG 1840502 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\.picasa.ini 34 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\.picasa.ini.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0812.JPG 1840502 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\.picasa.ini 68 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\.picasa.ini.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0806.JPG 1848333 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0806.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0807.JPG 1847634 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0807.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0809.JPG 1819691 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0809.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0810.JPG 1829175 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0810.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0811.JPG 1820873 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0811.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0812.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0813.JPG 1819507 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0813.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0814.JPG 1819997 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0814.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0815.JPG 1709237 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0815.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0816.JPG 1819354 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0816.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0817.JPG 1767325 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0817.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0818.JPG 1821521 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0818.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0819.JPG 1847808 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0819.JPG.$e_ 512 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0820.JPG 1839985 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0820.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0821.JPG 1848608 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0821.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0822.JPG 1820402 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0822.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0823.JPG 1836849 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0823.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0806.JPG 1848333 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0806.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0807.JPG 1847634 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0807.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0809.JPG 1819691 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0809.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0810.JPG 1829175 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0810.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0811.JPG 1820873 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0811.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0812.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0813.JPG 1819507 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0813.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0814.JPG 1819997 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0814.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0815.JPG 1709237 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0815.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0816.JPG 1819354 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0816.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0817.JPG 1767325 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0817.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0818.JPG 1821521 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0818.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\13-06-09_1528.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\01-01-09_1339.jpg 74290 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\01-01-09_1339.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0018.jpg 63263 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0018.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0019.jpg 71437 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0019.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0020.jpg 44443 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0020.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0021.jpg 72356 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0021.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\07-01-09_2242.jpg 16718 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\07-01-09_2242.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2211.3gp 297617 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2211.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2213.3gp 296917 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2213.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\13-06-09_1528.jpg 39018 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1907.jpg 66680 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1907.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1908.jpg 74561 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1908.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\18-03-09_0745.jpg 66844 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\18-03-09_0745.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\22-05-09_1506.3gp 161492 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\22-05-09_1506.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_1849.3gp 293696 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_1849.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2138.jpg 15847 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2138.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2342.jpg 52736 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2342.jpg.$e_ 512 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\adresar.txt 196 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\adresar.txt.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\SIMadresar.txt 504 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\SIMadresar.txt.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Proe diti potoebuji mobil.wm 1264771 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Proe diti potoebuji mobil.wm.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\prvflder.dat 512 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Tak tohle neni ani v kamasutre.wmv 1267830 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Tak tohle neni ani v kamasutre.wmv.$e_ 1024 bytes
File C:\Documents and Settings\kluci\My Private Folder\Desktop.ini 63 bytes
File C:\Documents and Settings\kluci\My Private Folder\prvflder.dat 512 bytes
File C:\Documents and Settings\Sylva\My Private Folder\Desktop.ini 63 bytes
File C:\Documents and Settings\Sylva\My Private Folder\prvflder.dat 512 bytes
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 14:43:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwacypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xBA64FC70]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xBA634C90]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xBA653390]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xBA631000]
SSDT F8FBE166 ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xBA6484C0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xBA648DC0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xBA62FDB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xBA63C050]
SSDT F8FBE15C ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xBA656E20]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xBA63AD30]
SSDT F8FBE16B ZwDeleteKey
SSDT F8FBE175 ZwDeleteValueKey
SSDT F8FBE193 ZwLoadDriver
SSDT F8FBE17A ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xBA63B8C0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xBA633CB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xBA63D1D0]
SSDT F8FBE148 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xBA630620]
SSDT F8FBE14D ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xBA650FB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xBA635AB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xBA63F960]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xBA6401B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xBA64F0E0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xBA6437A0]
SSDT F8FBE184 ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xBA655630]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xBA655950]
SSDT F8FBE17F ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xBA641E90]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xBA6426E0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xBA653F70]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xBA64E650]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xBA657410]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xBA636E00]
SSDT F8FBE198 ZwSetSystemInformation
SSDT F8FBE170 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xBA64D3A0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xBA64DCD0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xBA656660]
SSDT F8FBE157 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xBA64C830]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xBA646740]
SSDT F8FBE152 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 130 804E279C 2 Bytes [20, 6E]
.text ntoskrnl.exe!_abnormal_termination + 133 804E279F 1 Byte [BA]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 2 Bytes [A0, 37]
.text ntoskrnl.exe!_abnormal_termination + 34F 804E29BB 5 Bytes [BA, 84, E1, FB, F8] {MOV EDX, 0xf8fbe184}
.text ntoskrnl.exe!_abnormal_termination + 388 804E29F4 2 Bytes [90, 1E] {NOP ; PUSH DS}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[2828] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 005424CC C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005C122C C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 005C1168 C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005C1200 C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] USER32.dll!EnableWindow 7E379849 5 Bytes JMP 0129174C C:\Program Files\Agnitum\Outpost Firewall Pro\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe[3032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005C11D4 C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F82AA8D8] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [BA6453A0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [BA6321D0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Administrator\My Private Folder\Image.jpg 126022 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Image.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0812.JPG 1840502 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\.picasa.ini 34 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\.picasa.ini.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0812.JPG 1840502 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\.picasa.ini 68 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\.picasa.ini.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0806.JPG 1848333 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0806.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0807.JPG 1847634 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0807.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0809.JPG 1819691 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0809.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0810.JPG 1829175 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0810.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0811.JPG 1820873 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0811.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0812.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0813.JPG 1819507 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0813.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0814.JPG 1819997 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0814.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0815.JPG 1709237 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0815.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0816.JPG 1819354 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0816.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0817.JPG 1767325 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0817.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0818.JPG 1821521 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0818.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0819.JPG 1847808 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0819.JPG.$e_ 512 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0820.JPG 1839985 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0820.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0821.JPG 1848608 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0821.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0822.JPG 1820402 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0822.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0823.JPG 1836849 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\18072009\IMG_0823.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0806.JPG 1848333 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0806.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0807.JPG 1847634 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0807.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0809.JPG 1819691 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0809.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0810.JPG 1829175 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0810.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0811.JPG 1820873 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0811.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0812.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0813.JPG 1819507 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0813.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0814.JPG 1819997 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0814.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0815.JPG 1709237 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0815.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0816.JPG 1819354 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0816.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0817.JPG 1767325 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0817.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0818.JPG 1821521 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0818.JPG.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\13-06-09_1528.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\01-01-09_1339.jpg 74290 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\01-01-09_1339.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0018.jpg 63263 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0018.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0019.jpg 71437 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0019.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0020.jpg 44443 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0020.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0021.jpg 72356 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\05-03-09_0021.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\07-01-09_2242.jpg 16718 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\07-01-09_2242.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2211.3gp 297617 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2211.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2213.3gp 296917 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\09-01-09_2213.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\13-06-09_1528.jpg 39018 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1907.jpg 66680 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1907.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1908.jpg 74561 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\16-02-09_1908.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\18-03-09_0745.jpg 66844 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\18-03-09_0745.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\22-05-09_1506.3gp 161492 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\22-05-09_1506.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_1849.3gp 293696 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_1849.3gp.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2138.jpg 15847 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2138.jpg.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2342.jpg 52736 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\28-02-09_2342.jpg.$e_ 512 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar 0 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\adresar.txt 196 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\adresar.txt.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\SIMadresar.txt 504 bytes
File C:\Documents and Settings\Administrator\My Private Folder\JoKoMobil\adresar\SIMadresar.txt.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Proe diti potoebuji mobil.wm 1264771 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Proe diti potoebuji mobil.wm.$e_ 1024 bytes
File C:\Documents and Settings\Administrator\My Private Folder\prvflder.dat 512 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Tak tohle neni ani v kamasutre.wmv 1267830 bytes
File C:\Documents and Settings\Administrator\My Private Folder\Tak tohle neni ani v kamasutre.wmv.$e_ 1024 bytes
File C:\Documents and Settings\kluci\My Private Folder\Desktop.ini 63 bytes
File C:\Documents and Settings\kluci\My Private Folder\prvflder.dat 512 bytes
File C:\Documents and Settings\Sylva\My Private Folder\Desktop.ini 63 bytes
File C:\Documents and Settings\Sylva\My Private Folder\prvflder.dat 512 bytes
---- EOF - GMER 1.0.15 ----
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
MBR.log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Mohla byste zjistit, komu patří adresa 172.18.55.1?
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Wget:
Pokud máte na mysli toto:
Outpost si vyžádal vzdálenou kontrolu, výsledek:
BF-rost Backdoor HKEY_USERS\S-1-5-21-1644491937-706699826-1957994488-500\software\Wget
BZub Trojan HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\ControlPanel\load
tak to je taky podivné. Ikona Outpostu signalizovala skenování, nad tím svítilo okénko "vzdálená kontrola na vyžádání". Za celou dobu, co Outpost mám, jsem to viděla poprvé, přitom ho mám už od r. 2008. Wget jsem nikdy neměla.
Pokud máte na mysli toto:
Outpost si vyžádal vzdálenou kontrolu, výsledek:
BF-rost Backdoor HKEY_USERS\S-1-5-21-1644491937-706699826-1957994488-500\software\Wget
BZub Trojan HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\ControlPanel\load
tak to je taky podivné. Ikona Outpostu signalizovala skenování, nad tím svítilo okénko "vzdálená kontrola na vyžádání". Za celou dobu, co Outpost mám, jsem to viděla poprvé, přitom ho mám už od r. 2008. Wget jsem nikdy neměla.
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Ta IP by měla patřit pravděpodobně Vašemu providerovi.
Ta hláška se Vám ještě objevila?
jak to vypadá s počítačem teď?
Ta hláška se Vám ještě objevila?
jak to vypadá s počítačem teď?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
S tou IP adresou - můžete si sama zjistit, jaké IP adresy u Vás figurují a porovnat to
http://it.cestuji.info/ipconfig_-all.html
http://it.cestuji.info/ipconfig_-all.html
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Microsoft Windows XP [Verze 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig -all
Konfigurace protokolu IP systému Windows
Název hostitele . . . . . . . . . : sy-c944f64abc43
Primární přípona DNS. . . . . . . :
Typ uzlu . . . . . . . . . . . . : neznámý
Povoleno směrování IP . . . . . . : Ne
WINS Proxy povoleno . . . . . . . : Ne
Adaptér pro protokol PPP 3G internet:
Přípona DNS podle připojení . . . :
Popis . . . . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Fyzická Adresa. . . . . . . . . . : 00-53-45-00-00-00
Protokol DHCP povolen . . . . . . : Ne
Adresa IP . . . . . . . . . . . . : 78.136.191.121
Maska podsítě . . . . . . . . . . : 255.255.255.255
Výchozí brána . . . . . . . . . . : 78.136.191.121
Servery DNS . . . . . . . . . . . : 78.136.128.4
78.136.128.12
NetBIOS nad TCP/IP. . . . . . . . : zakázáno
C:\Documents and Settings\Administrator>
Podrobnosti připojení z ikony stavu připojení:
Název zařízení Axesstel USB Modem
Typ zařízení modem
Typ serveru PPP
Přenosy TCP/IP
Ověřování MDS CHAP
Komprese (žádný)
vícelinkové rámce protokolu PPP Vypnuto
Adresa IP serveru 172.18.55.1
Adresa IP klienta 76.136.191.121
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig -all
Konfigurace protokolu IP systému Windows
Název hostitele . . . . . . . . . : sy-c944f64abc43
Primární přípona DNS. . . . . . . :
Typ uzlu . . . . . . . . . . . . : neznámý
Povoleno směrování IP . . . . . . : Ne
WINS Proxy povoleno . . . . . . . : Ne
Adaptér pro protokol PPP 3G internet:
Přípona DNS podle připojení . . . :
Popis . . . . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Fyzická Adresa. . . . . . . . . . : 00-53-45-00-00-00
Protokol DHCP povolen . . . . . . : Ne
Adresa IP . . . . . . . . . . . . : 78.136.191.121
Maska podsítě . . . . . . . . . . : 255.255.255.255
Výchozí brána . . . . . . . . . . : 78.136.191.121
Servery DNS . . . . . . . . . . . : 78.136.128.4
78.136.128.12
NetBIOS nad TCP/IP. . . . . . . . : zakázáno
C:\Documents and Settings\Administrator>
Podrobnosti připojení z ikony stavu připojení:
Název zařízení Axesstel USB Modem
Typ zařízení modem
Typ serveru PPP
Přenosy TCP/IP
Ověřování MDS CHAP
Komprese (žádný)
vícelinkové rámce protokolu PPP Vypnuto
Adresa IP serveru 172.18.55.1
Adresa IP klienta 76.136.191.121
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
S Wget zatím Outpost nezlobí.
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Adresa IP serveru 172.18.55.1
Takže je to v pořádku.
A kromě firewallu to s pc vypadá jak?
Takže je to v pořádku.
A kromě firewallu to s pc vypadá jak?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Avira Premium neaktualizuje soubory, Outpostu se nelíbí
Windows včera večer zalepily nějakou další z bezpečnostních děr. Dnes Avirka roztáhla deštníček, takže všechny 3 moduly konečně naběhly. I když modrou smrt jsem měla naposledy dnes, když jsem se pokusila přihlásit na Seznam, bude třeba vyladit pravidla Outpostu (původní jsem po tom záhadném kolapsu mašiny a Aviry zahodila, nastavila Outpost na maximální ochranu a jel na známé předvolby a pár schválených pravidel pro email, toto fórum a Aviru. Prostě nouzový režim.) Po aktualizaci XP taky zmizelo upozornění, že je Avira vypnutá. (Předtím naběhl stažený deštník, vydal varování o administrátorském účtu, načež nabíhal správce Atiny a pak XP hlásily vypnutou Aviru. Pak najel jen antivirový štít, který se občas aktualizoval.) Přes noc pustím kompletní scan s maximální heuristikou, snad se to už konečně začne normalizovat. Díky moc.
Přispějete na provoz fóra?