Re: please check my log, thanks in advance
Posted: 24 Feb 2010 11:16
by Lilinka
OK so, I downloaded it to the desktop, ran it and got exactly as far as those 50 completed stages. As soon as it finished writing that last, 50th one, the PC shut down, a blue screen came up, and I only caught the first word, which was PROBLEM

and then a black screen came up with "start windows normally" and it started up. But I still don't have that log on C:

Re: please check my log, thanks in advance
Posted: 24 Feb 2010 11:32
by Lilinka
And I forgot to ask, should I delete C:\WINDOWS\system32\KB905474\wgasetup.exe? Because VT says: eSafe 7.0.17.0 2010.02.23 Win32.TrojanHorse
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 12:03
by franticek
Don't delete it, it's definitely a false positive. It is part of Windows Genuine Advantage - the check that the system is legitimate.
1. So try zipping the contents of c:\windows\minidump and attaching it here.
2. Try downloading RootRepeal from the link in my signature > go to the Report tab > click Scan > tick all the modules it offers and all hard disks. Post the log here; it will take a while.
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 12:05
by Lilinka
Here is the file, I'm going to do the second one now.
Thanks a lot
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 12:12
by Lilinka
and here is the RootRepeal
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/24 12:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA8F6000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B20000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_PNP8724
Image Path: \Driver\PCI_PNP8724
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA74D9000 Size: 49152 File Visible: No Signed: -
Status: -
Name: spcx.sys
Image Path: spcx.sys
Address: 0xF7390000 Size: 1052672 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: c:\documents and settings\e\application data\skype\elinusenka\etilqs_pqy0cbxbfrd5fyepqh8i
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\documents and settings\e\application data\skype\elinusenka\etilqs_wmmyqnnsvnt5ora1gvil
Status: Allocation size mismatch (API: 32768, Raw: 0)
Path: c:\documents and settings\e\application data\mozilla\firefox\profiles\uhdpehis.default\sessionstore.js
Status: Size mismatch (API: 105079, Raw: 103069)
Path: C:\Documents and Settings\E\Local Settings\Application Data\Mozilla\Firefox\Profiles\uhdpehis.default\Cache\6BB2526Dd01
Status: Could not get file information (Error 0xc0000008)
Path: C:\Documents and Settings\E\Local Settings\Application Data\Mozilla\Firefox\Profiles\uhdpehis.default\Cache\IH820.tmp
Status: Locked to the Windows API!
Path: C:\Documents and Settings\E\Local Settings\Application Data\Mozilla\Firefox\Profiles\uhdpehis.default\Cache\25DFBD55d01
Status: Could not get file information (Error 0xc0000008)
Path: c:\documents and settings\e\local settings\application data\mozilla\firefox\profiles\uhdpehis.default\cache\_cache_001_
Status: Size mismatch (API: 1010008, Raw: 984412)
Path: c:\documents and settings\e\local settings\application data\mozilla\firefox\profiles\uhdpehis.default\cache\_cache_002_
Status: Size mismatch (API: 1682876, Raw: 1649286)
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spcx.sys" at address 0xf73910e0
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spcx.sys" at address 0xf73afca4
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spcx.sys" at address 0xf73b0032
#: 119 Function Name: NtOpenKey
Status: Hooked by "spcx.sys" at address 0xf73910c0
#: 160 Function Name: NtQueryKey
Status: Hooked by "spcx.sys" at address 0xf73b010a
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spcx.sys" at address 0xf73aff8a
#: 247 Function Name: NtSetValueKey
Status: Hooked by "spcx.sys" at address 0xf73b019c
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82f701f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x831721f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x82f5b500 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x831df1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x82bc31f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x82bc31f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82bc31f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82bc31f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x82bc31f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x82bc31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x82f6b1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x829c91f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_CREATE]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_CLOSE]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_READ]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_CLEANUP]
Process: System Address: 0x8302e500 Size: 121
Object: Hidden Code [Driver: CdfsЅఊ灐敲, IRP_MJ_PNP]
Process: System Address: 0x8302e500 Size: 121
==EOF==
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 12:52
by franticek
1. Try to find this file and post it: C:\Qoobox\ComboFix-quarantined-files.txt
2. Check these files on VT:
C:\WINDOWS\System32\Drivers\dump_atapi.sys
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
C:\WINDOWS\System32\Drivers\spcx.sys - if it isn't there, try searching for it
3. Download
mbr.exe, save it to the root of C:\, open a command prompt (the CMD command also works) and type
and press Enter
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 13:13
by Lilinka
I'd rather redo the ComboFix from scratch as well, because I had deleted that Qoobox, so here is what it showed me
On VT I can't check a single one of those files, it says they weren't found.
and here is the mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x831DE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x831de1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
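The two logs in this thread are cross-checked by hand: the SSDT hooks RootRepeal lists are all attributed to spcx.sys, and the atapi dispatch address it flags as "Hidden Code" (0x831de1f8) is the same address mbr.exe reports as a possible MBR rootkit hook. The following Python script is an added example, not a tool from this forum or from the RootRepeal/Gmer authors; it parses a constructed excerpt of both outputs (copied from the lines above) and performs that correlation automatically. The regular expressions are assumptions based on the line formats visible in the posts.

```python
"""Correlate RootRepeal "Stealth Objects"/SSDT findings with mbr.exe hooks.

Added example for this thread. Both inputs below are constructed excerpts of
the logs posted above; the parsing rules are assumptions derived from the
visible line formats, not a documented file format of either tool.
"""
import re
from collections import defaultdict

# Constructed excerpt of the RootRepeal SSDT and Stealth Objects sections.
ROOTREPEAL_LOG = """\
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spcx.sys" at address 0xf73910e0
#: 247 Function Name: NtSetValueKey
Status: Hooked by "spcx.sys" at address 0xf73b019c
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x831dd1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831de1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82f701f8 Size: 121
==EOF==
"""

# Constructed excerpt of the first mbr.exe run (before SPTD was removed).
MBR_LOG = """\
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x831DE1F8]<<
detected MBR rootkit hooks:
\\Driver\\atapi -> 0x831de1f8
Warning: possible MBR rootkit infection !
"""

SSDT_RE = re.compile(r'Status: Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
OBJ_RE = re.compile(r'Object: Hidden Code \[Driver: ([^,]+), (IRP_MJ_\w+)\]')
ADDR_RE = re.compile(r'Address: (0x[0-9a-fA-F]+) Size: (\d+)')
MBR_HOOK_RE = re.compile(r'\\Driver\\(\w+) -> (0x[0-9a-fA-F]+)')


def parse_rootrepeal(text):
    """Return (ssdt_hooks, irp_hooks).

    ssdt_hooks: {hooking_module: number of hooked SSDT entries}
    irp_hooks:  {driver: {address: [IRP major function names]}}
    """
    ssdt = defaultdict(int)
    irp = defaultdict(lambda: defaultdict(list))
    pending = None  # (driver, irp_name) waiting for its "Address:" line
    for line in text.splitlines():
        m = SSDT_RE.search(line)
        if m:
            ssdt[m.group(1)] += 1
            continue
        m = OBJ_RE.search(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = ADDR_RE.search(line)
        if m and pending:
            driver, irp_name = pending
            irp[driver][m.group(1).lower()].append(irp_name)
            pending = None
    return dict(ssdt), {d: dict(v) for d, v in irp.items()}


def parse_mbr_hooks(text):
    """Return {driver: address} for every "\\Driver\\X -> 0x..." line."""
    return {m.group(1): m.group(2).lower() for m in MBR_HOOK_RE.finditer(text)}


def correlate(rootrepeal_text, mbr_text):
    """Cross-reference dispatch-table hooks between the two tools.

    Each finding is (driver, address, hooked_irp_count, tag). A driver whose
    hooked IRP entries all resolve to a single address had its whole dispatch
    table redirected to one stub; when mbr.exe names the same address the two
    tools are seeing the same hook, not two separate problems.
    """
    ssdt, irp = parse_rootrepeal(rootrepeal_text)
    mbr = parse_mbr_hooks(mbr_text)
    findings = []
    for driver, by_addr in irp.items():
        for addr, names in by_addr.items():
            tag = "also reported by mbr.exe" if mbr.get(driver) == addr else "RootRepeal only"
            findings.append((driver, addr, len(names), tag))
    return ssdt, findings, mbr


if __name__ == "__main__":
    ssdt_hooks, irp_findings, mbr_hooks = correlate(ROOTREPEAL_LOG, MBR_LOG)
    print("SSDT hooks by module:", ssdt_hooks)
    for f in irp_findings:
        print("driver=%s addr=%s hooked_irps=%d (%s)" % f)
```

Run against the second mbr.exe output further down the thread (produced after SPTD was uninstalled), `parse_mbr_hooks` returns an empty dict, which is the same conclusion the thread reaches by eye: the hook disappeared with SPTD.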
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 13:54
by franticek
1. Unmount any images attached to virtual CD drives - Daemon Tools, Alcohol etc. - and then uninstall those programs.
2. Download
SPTD for your system version, run it > choose uninstall > then restart
3. Make the mbr log again
4. By the way, is the Windows legal or not?
5. Try gmer or combofix. If they won't run, try them in safe mode.
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 14:12
by Lilinka
1. I don't have Alcohol or Daemon Tools, do I? I used to have them but I removed them a while ago.
2. done
3. mbr log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
4. I had a purchased original Windows Vista, but it was terribly annoying, so I reinstalled to a non-original XP
5. I finally got that gmer running in safe mode, and it scanned my PC, but I don't know where the log is, ugh

Re: please check my log, thanks in advance
Posted: 24 Feb 2010 15:09
by franticek
1. You can now try whether combofix or gmer will run for you.
2. Unfortunately this forum does not deal with illegal software, so our cooperation ends here.
3. The computer looks OK, but since something was there, it is recommended to change your passwords.
Re: please check my log, thanks in advance
Posted: 24 Feb 2010 15:11
by Lilinka
ok, thank you very much for the help

Re: please check my log, thanks in advance
Posted: 25 Feb 2010 08:40
by franticek
You're welcome, a few more details:
1. Uninstalling ComboFix.
Click Start --> Run, type combofix /u and press Enter.
2. Cleaning up the remaining helper files:
Then download
T-Cleaner and run it.
Re: please check my log, thanks in advance
Posted: 26 Feb 2010 22:47
by Lilinka
Once again I want to thank you very much for your willingness and the time you spent. Thanks a lot
