Re: requesting a check - browser opens by itself

Posted: 24 Mar 2010 22:11
by motji
Let's get to it :)
Proceed carefully now; if in doubt, better ask :)


:arrow: Download HxD portable http://mh-nexus.de/en/downloads.php?product=HxD
-save it to the desktop
-unpack it and save the program directly on drive C
-run it
-click Open disk and choose hard disks (physical disks) :!: (don't mix this up)
-select hard disk 1
-type the sector you want to open into the box, confirm with Enter, and you will be right in that sector
-tell me what you have in sectors 1-62

Re: requesting a check - browser opens by itself

Posted: 24 Mar 2010 22:40
by djmirente
What exactly am I supposed to do with those sectors?? And what should I write down from there?? Because it shows me all kinds of characters and 00 11 and so on; it shows me something like this: C2 28 E2 EC 50 60 8B FE 91 B9 00 D6 00 00 F3 AB

Re: requesting a check - browser opens by itself

Posted: 24 Mar 2010 22:52
by motji
You are not supposed to do anything yet, just look at what numbers you have there; sectors 1-61 should contain nothing but zeros
00 00 00 00 00...
I assume sector 61 is not all zeros (and neither is sector 0, but that is fine, nothing is done with that one)

Here is an example of what e.g. sector 8 looks like for another user; you should have all zeros there
http://img80.imageshack.us/img80/1686/17750490vd1.jpg

Re: requesting a check - browser opens by itself

Posted: 24 Mar 2010 22:57
by djmirente
Not really, this is what I have

From sector 1 to 62 I don't have all zeros: sectors 3 - 7 contain all sorts of things, then sector 10 has something in it, and so on
How do I actually get some kind of log out of it? Or what is it that you need?

//I'll be back here in the morning, because I have a younger sister and she gets up for school in the morning; good night for now

Re: requesting a check - browser opens by itself

Posted: 24 Mar 2010 23:03
by motji
:shock:
Are you really on the hard, physical disk?

If I understand correctly, you don't have 00 00 00, as it should be, anywhere?
You won't get a log out of it; you can only copy those lines or take a screenshot.

What do I need it for? You probably have some remnant of an MBR rootkit there, and we need to clean it out. But we can't just erase anything at random; you could also lose data or fail to boot.

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 09:02
by djmirente
But there are zeros there, except for sectors 3 to 7, and then sector ten is not pure zeros, but the other sectors contain zeros as they should.
And yes, it is on the physical disk :)
Here is, for example, the third sector
Image

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 09:07
by motji
What does sector 61 look like?

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 09:21
by djmirente
Something like this

Image

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 10:16
by motji
Also tell me whether NTFS is written anywhere; it is usually around sector 64.
Then save to Notepad the numbers from those sectors that are not zeros, I mean from sector 1 to 62.
If something went wrong, we can overwrite them back to the original value.

Sector 0 is not overwritten; that is what the machine boots from :)

And in the evening we will fix it :)

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 10:59
by djmirente
Sector 63 says NTFS, and here I exported sectors 1-64 to HTML

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 19:59
by motji
:o I couldn't make out much from that, but never mind.
Back up your important data, just to be safe :!:

:arrow: run HxD again
-click Open disk and choose hard disks (physical disks) :!: (don't mix this up)
-select hard disk 1
-untick the read-only checkbox
-the program opens in edit mode
-find sector 61
-select the whole of sector 61 with the mouse (you can copy the numbers and save them in Notepad; if something goes wrong, you can put them back)
-choose the Fill selection option (3rd option from the bottom, between two separator lines); the preset values open (00 00 00...)
-confirm with OK

-fix the other sectors that don't contain the preset zeros the same way, from sector 1 to sector 61
:!: do not fix sector 0
-close the program and confirm the change.
-then restart the computer and check whether the sector has been overwritten.


this is what sectors 1-61 should look like; example of sector 60
Image

:arrow: Then run mbr.exe again
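
The read-only check this thread performs by hand in HxD (are sectors 1-61 all zeros, where does NTFS start, is sector 0 still a boot sector), as an added Python example that is not part of the original posts. It assumes 512-byte sectors and a raw image of the start of the disk; the sample image and every function name are constructed for illustration.

```python
"""Read-only check of the sectors between the MBR and the first partition."""
import hashlib
import sys

SECTOR = 512                  # assumption: 512-byte logical sectors
GAP_FIRST, GAP_LAST = 1, 61   # range the thread expects to be all zeros


def read_sector(image: bytes, lba: int) -> bytes:
    """Return one sector from a raw image, failing loudly on short input."""
    data = image[lba * SECTOR:(lba + 1) * SECTOR]
    if len(data) != SECTOR:
        raise ValueError(f"image too short for sector {lba}")
    return data


def mbr_signature_ok(image: bytes) -> bool:
    """Sector 0 must end in 55 AA; it is only inspected, never modified."""
    return read_sector(image, 0)[510:512] == b"\x55\xaa"


def find_ntfs_boot_sector(image: bytes, search_upto: int = 128):
    """Return the first LBA whose OEM ID field (offset 3) reads 'NTFS    '."""
    for lba in range(1, min(search_upto, len(image) // SECTOR)):
        if read_sector(image, lba)[3:11] == b"NTFS    ":
            return lba
    return None


def scan_gap(image: bytes, first: int = GAP_FIRST, last: int = GAP_LAST):
    """List every sector in first..last that is not entirely zero."""
    findings = []
    for lba in range(first, last + 1):
        data = read_sector(image, lba)
        nonzero = sum(1 for b in data if b)
        if nonzero:
            findings.append({
                "lba": lba,
                "nonzero_bytes": nonzero,
                "sha256": hashlib.sha256(data).hexdigest(),
                "preview": " ".join(f"{b:02X}" for b in data[:16]),
            })
    return findings


def backup_gap(image: bytes, findings) -> dict:
    """Keep the original bytes of each flagged sector so they can be restored."""
    return {f["lba"]: read_sector(image, f["lba"]) for f in findings}


def report(image: bytes) -> dict:
    """Combine the checks; never scan into the partition itself."""
    start = find_ntfs_boot_sector(image)
    # If the partition starts before sector 62, everything from there on is
    # file-system data, not gap, and must not be treated as a remnant.
    last = min(GAP_LAST, start - 1) if start else GAP_LAST
    findings = scan_gap(image, GAP_FIRST, last)
    return {
        "mbr_signature_ok": mbr_signature_ok(image),
        "partition_start": start,
        "findings": findings,
        "backup": backup_gap(image, findings),
    }


def build_sample_image(ntfs_lba: int = 63) -> bytes:
    """Constructed sample: non-zero data in sectors 3-7, 10 and 61."""
    img = bytearray(SECTOR * 70)
    img[510:512] = b"\x55\xaa"                        # boot signature, sector 0
    for lba in (3, 4, 5, 6, 7, 10, 61):
        img[lba * SECTOR:lba * SECTOR + 4] = b"\xde\xad\xbe\xef"  # filler bytes
    img[ntfs_lba * SECTOR + 3:ntfs_lba * SECTOR + 11] = b"NTFS    "
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to a raw image of the start of the disk, opened read-only.
        with open(sys.argv[1], "rb") as fh:
            image = fh.read(SECTOR * 128)
    else:
        image = build_sample_image()
    result = report(image)
    print("MBR signature 55 AA:", result["mbr_signature_ok"])
    print("NTFS boot sector at LBA:", result["partition_start"])
    for f in result["findings"]:
        print(f"sector {f['lba']:>2}: {f['nonzero_bytes']} non-zero bytes, "
              f"starts {f['preview']}, sha256 {f['sha256'][:16]}")
```

A non-zero sector in this range is not proof of a rootkit: some boot loaders and disk utilities legitimately store data there, which is why the flagged sectors are hashed and backed up before anything is changed.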

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 20:40
by djmirente
here is the log :)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 21:18
by motji
:) Great, could I ask you once more for a log from GMER? There was something there I didn't like; we'll see whether that has disappeared too.

Otherwise, how is the computer doing?

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 21:31
by djmirente
here is the first one

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-25 21:25:30
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\DJMIRE~1\AppData\Local\Temp\kwdoquod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys

---- EOF - GMER 1.0.15 ----

here is the second one

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-25 21:31:06
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\DJMIRE~1\AppData\Local\Temp\kwdoquod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88F46CDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88F46ED0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88F470D8]
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x88F8CB30]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C293F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C11634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C11898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C296F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C89579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 82CB582C 8 Bytes [DE, 6C, F4, 88, D0, 6E, F4, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 82CB5864 4 Bytes [D8, 70, F4, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CB5CB8 4 Bytes [30, CB, F8, 88]
? \Device\Harddisk0\Partition1\Windows\system32\drivers\PctWfpFilter.sys Systém nemôže nájsť zadanú cestu. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F435340, 0x411407, 0xE8000020]
.text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x90E07000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x90E4B000]
.relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x90E67000, 0x8E, 0x42000040]
.text peauth.sys 9D42EC9D 28 Bytes [CF, 8C, 29, 4C, 93, 33, 88, ...]
.text peauth.sys 9D42ECC1 28 Bytes [CF, 8C, 29, 4C, 93, 33, 88, ...]
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x9D4F9000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x9D51C050]
? C:\Users\DJMIRE~1\AppData\Local\Temp\mbr.sys Systém nemôže nájsť zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!UnhookWindowsHookEx 76FECC7B 5 Bytes JMP 69C67E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!CallNextHookEx 76FECC8F 5 Bytes JMP 69C494EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!CreateWindowExW 76FF0E51 5 Bytes JMP 69C57AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!SetWindowsHookExW 76FF210A 5 Bytes JMP 69C04243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxIndirectParamW 77014AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxIndirectParamW 77014AA7 5 Bytes JMP 69DA58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxParamW 7701564A 5 Bytes JMP 69B7490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxParamA 7702CF6A 5 Bytes JMP 69DA5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxIndirectParamA 7702D29C 5 Bytes JMP 69DA590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxIndirectA 7703E8C9 5 Bytes JMP 69DA57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxIndirectW 7703E9C3 5 Bytes JMP 69DA5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxExA 7703EA29 5 Bytes JMP 69DA5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxExW 7703EA4D 5 Bytes JMP 69DA56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ole32.dll!OleLoadFromStream 759A5B88 5 Bytes JMP 69DA5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ole32.dll!CoCreateInstance 759F57FC 5 Bytes JMP 69C58595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!CreateWindowExW 76FF0E51 5 Bytes JMP 69C57AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxIndirectParamW 77014AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxIndirectParamW 77014AA7 5 Bytes JMP 69DA58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxParamW 7701564A 5 Bytes JMP 69B7490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxParamA 7702CF6A 5 Bytes JMP 69DA5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxIndirectParamA 7702D29C 5 Bytes JMP 69DA590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxIndirectA 7703E8C9 5 Bytes JMP 69DA57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxIndirectW 7703E9C3 5 Bytes JMP 69DA5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxExA 7703EA29 5 Bytes JMP 69DA5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxExW 7703EA4D 5 Bytes JMP 69DA56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] ole32.dll!OleLoadFromStream 759A5B88 5 Bytes JMP 69DA5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [04E62DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [04E62E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [04E3BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [04E62DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [04E3C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [04E3C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [04E62DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [04E3C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [04E3C040] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [04E62DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [04E62E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [04E3BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [04E62DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [04E62E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [04E3C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [04E3BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [04E3C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [04E3C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [04E62DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [04E3BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [04E3B950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [04E62E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [04E62DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [04E3A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [04E3A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [04E3B1D0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [04E3A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [04E3B950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [04E62DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [04E3C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [04E3C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [04E3BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [04E62DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [04E62E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [04E62D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [04E62DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [04E62E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [04E62CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [04E3C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [04E3B950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [04E3BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [04E3C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [04E3A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[696] @ C:\Windows\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [04E3C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Windows\system32\rundll32.exe[1184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1184] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1660] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1660] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1660] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1660] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1660] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7415250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74152494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74135624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74148573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74144D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74148819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7414907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7414E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74144C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75425D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\QIP Infium\infium.exe[3208] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] [00450220] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[3208] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00450220] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[3208] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00450424] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[3208] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00450424] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[3208] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [00450220] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167000000
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167000000@347e39513cf9 0x6F 0x90 0xDA 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167000000 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167000000@347e39513cf9 0x6F 0x90 0xDA 0x54 ...

---- EOF - GMER 1.0.15 ----

Re: requesting a check - browser opens by itself

Posted: 25 Mar 2010 22:42
by motji
How is the computer doing now?

Test these at http://www.virustotal.com
C:\Windows\system32\DRIVERS\nvlddmkm.sys
C:\Windows\system32\drivers\ACEDRV07.sys