MSE hlasi vir - Security Tool

[pupupaj]

Ahoj vsichni!

Jmenuju se Lucie a jsem naprosta pocitacova amaterka. Na mem PC se objevil problem. Kamarad mi poradil, abych to zkusila pres toto forum, ze bych mohla dostat radu, jak se toho zbavit. Jsem pomerne kratce v cizi zemi a jeste nemam moc paru o tom, jak tu vsechno funguje. proto se obracim na Vas s prosbou o pomoc, nez zacnu shanet pomoc tady za stovky euro.
Vcera se mi v PC objevila jista "vec", ktera si rika Security Tool protect your PC. Ma to ve znaku erb se dvema ozubenyma koleckama. Je to svetle modre. Vpravo je nabidka System Scan, Protection, atd. V hlavni casti se mi objevuje System scan a seznam napadenych souboru s nazvy viru. Napriklad Trojan, Malware, Worm, atd. V dolnim rohu je moznost Remove, ktera me hodi na stranku, kde si mam koupit tento Security Tool. Potom je tam jeste moznost Send a Report.
Ikona se mi take objevuje na liste vedle hodin a hlasi mi to, ze si mam updatovat novou verzi. Za tu chce samozrejme take platit.
Dalsi okno, ktere se mi objevuje, je to, ze Security tool nasel hrozbu na Mozile (Mozila security alert) a ze ji blokuje. Je tam nabidka aktivovat Security tool a zase me to potom hodi na stranku, kde mam zaplatit za koupi.
Tyhle ikony mi skacou porad dokola v intervalu cca jedne minuty.

Kdyz se mi spusti PC, tak se mi na plose objevi vsechny ikony. Potom ovsem naskoci tohlo Security Tool a predstira scanovani napadenych souboru a ikony pri tom zmizi.

Muzu otevrit internet, ale shruba po 20ti minutach mi naskoci modra obrazovka, ze Window se vypnul, aby nedoslo k poskozeni PC. Potom se to vrati na tu puvodni stranku a PC se restartuje.

Ne liste vedle hodin mi to hazi zlute bubliny, ze muzu prijit o soubory, ze moje data protekaji ven - vcetne udaju o kreditni karte, coz me konkretne desi nejvic!

Dalsi vec je, ze vedle hodin se mi objevuje cerveny erb s bilym krizkem, ze pocitac je nechranen a napaden. Kdyz na to kliknu pravym, naskoci mi opet Security Tool. Kdyz levym, vubec to nereaguje. Vcera se mi to jednou podarilo rozkliknout a ukazalo se mi, ze Firewall je vypnuta a nepodarila se mi zapnout.

Cely security tool komunikuje pouze v AJ.

Bojim se otevrit treba aplikaci moje banka, aby mi to opravdu nezasahlo tyhle veci. Muze se to stat?
A bojim se i zaplatit neco pres net kartou, aby mi to opravdu nejak nezneuzilo udaje.

Kamarad rikal, ze by to mohl byt Trojan. Taky jsem jeden soubor napadeny Trojanem odstranila pomoci MS Security Essential. Kamarad ale neni profik, takze me odkazal sem a nechal me pouzit svuj ucet.

Omlouvam se za amatersky zpusob vyjadrovani, ale snad je to aspon trochu pochopitelne.

Pomuzete mi to prosim vyresit?

Moc dekuju!
Lucie

[pupupaj]

Dekuju, jdu to zkusit!

[pupupaj]

Tak to zkousim mezi opakovanymi restarty PC. Na plochu se mi to nepordarilo ulozit - nic tam nevidim. Jedine, co muzu udelat, je otevrit ji pres dokumenty a tu slozku tam zkopirovat nebo pretahnout ze Stazene soubory.
Pokusila jsem se to otevrit ze slozky Stazene soubory, ale to mi zahlasilo, ze abraka.com.exe, i kdyz jsem to prejmenovala (zpusobem prava mys - prejmenovat), je nakazeny. A ze mi chce stahnout data o kreditni karte. A nic se nedelo dal. Je to normalni? Nebo neco delam blbe?

[pupupaj]

A jeste jedna vec. red tim, nez se mi restartuje PC, se mi, krome jineho, na te modre obrazovce, objevi, ze problemy zpusobije soubor: SPCMDCOM.sys... ajeste nejak dal, ale to jsem nestacila zapsat. Je to relevantni info?

[pupupaj]

Tak uz jsem to vsechno pres nouzovy rezim a za pomoci kamarada provedla. A nize najdes ten report. Co dal?
Mimochodem, ted uz zase vydim ikony na plose a dal si pauzu s hlaskama...

ComboFix 10-04-12.06 - Marquise 2010-04-13 16:45:40.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.502.154 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marquise\Dokumenty\Sta×enÚ soubory\abraka.com
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\74171121
c:\documents and settings\All Users\Data aplikací\74171121\74171121.exe
c:\documents and settings\All Users\Dokumenty\Settings
c:\documents and settings\All Users\Dokumenty\Settings\cbss.dll
c:\documents and settings\Marquise\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Marquise\Plocha\Security Tool.lnk
c:\windows\system32\drivers\0.exe
c:\windows\system32\drivers\250.exe
c:\windows\system32\drivers\375.exe
c:\windows\system32\drivers\406.exe
c:\windows\system32\drivers\500.exe
c:\windows\system32\drivers\593.exe
c:\windows\system32\drivers\671.exe
c:\windows\system32\drivers\687.exe
c:\windows\system32\drivers\718.exe
c:\windows\system32\drivers\734.exe
c:\windows\system32\drivers\750.exe
c:\windows\system32\drivers\953.exe
c:\windows\system32\regedit.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 14:33 . 2010-04-13 14:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-13 13:53 . 2010-04-13 13:53 5136 ----a-w- c:\windows\system32\youm_3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 15:05 . 2004-09-16 16:58 460202 ----a-w- c:\windows\system32\perfh005.dat
2010-04-13 15:05 . 2004-09-16 16:58 91760 ----a-w- c:\windows\system32\perfc005.dat
2010-03-10 19:06 . 2009-11-26 21:59 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-25 06:18 . 2004-09-16 16:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 09:16 . 2009-11-26 22:01 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 22:53 . 2010-01-19 21:09 -------- d-----w- c:\program files\TorrentMan
2010-02-12 10:03 . 2010-03-05 19:43 293376 ------w- c:\windows\system32\browserchoice.exe
2007-08-05 13:27 . 2007-08-05 13:27 262 ----a-w- c:\program files\xrmxgsuh.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-02-15 2349080]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-02-15 22:53 2349080 ----a-w- c:\program files\TorrentMan\tbTor1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-02-15 2349080]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-02-15 2349080]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-04-13 492840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\youm_3]
2010-04-13 13:53 5136 ----a-w- c:\windows\system32\youm_3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-03 18:51 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-04-29 22:39 5674352 ----a-w- c:\program files\MSN Messenger\MsnMsgr.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"WinampAgent"=c:\program files\Winamp\winampa.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Software\\strongDC\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-12-30 664064]
R1 MpKsl6743f122;MpKsl6743f122;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A80AD0F9-34CF-49D4-9ABB-4087D19FE445}\MpKsl6743f122.sys [2010-04-13 28880]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MPKSL6743F122
.
Obsah adresáře 'Naplánované úlohy'

2010-04-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp08.photoprintit.de/microsite/4860/defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Marquise\Data aplikací\Mozilla\Firefox\Profiles\ax69x9om.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Marquise\Data aplikací\Mozilla\Firefox\Profiles\ax69x9om.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 17:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x82BBB6C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x82bbb6c8
\Driver\ACPI -> ACPI.sys @ 0xf82e0cb8
\Driver\atapi -> atapi.sys @ 0xf829bb40
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf81a4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8193a0d
SendHandler -> NDIS.sys @ 0xf81a7b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\youm_3.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 17:11:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 15:11

Před spuštěním: 295,657,472
Po spuštění: 3,296,313,344

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BCA8A44785415AB61568E0CE8F6208EA

[pupupaj]

Moc Ti dekuju!

Udelam to dnes vecer, az budu mit zase na telefonu kamarada. Kdybych mela nejakou potiz, tak aby pomohl. Vysledky poslu:-)

Po provedeni vsech ukonu bude vse ok? Tzn. nemusim se bat zneuzivani dat, hlavne pri uzivani internet banking nebo pri platbe kartou?

[pupupaj]

Ok, hesla zmenim.
Kamarad randi, takze deratizace probehne zitra:-) ALe ted je sviznejsi a uz se mi neobjevuje Security Tool a nerestartuje se. Pouze Essential tam porad neco likviduje.
Dobrou!

[pupupaj]

Ahojky!

Tady je prvni vysledek:
http://www.virustotal.com/cs/analisis/e ... 1271232275

[pupupaj]

http://www.virustotal.com/cs/analisis/5 ... 1271232529

[pupupaj]

http://www.virustotal.com/cs/analisis/3 ... 1271232678

[pupupaj]

http://www.virustotal.com/cs/analisis/1 ... 1271232860

[pupupaj]

Vysledek prvniho scanu z gmeru:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-14 10:34:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Marquise\LOCALS~1\Temp\uxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF8325C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF8325F9A]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82BBB490

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 822F1AC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

[pupupaj]

Ok.
Delala jsem ten rozsahly scan, ale naskocila mi asi po dvou hodinach scanovani modra obrazovka. Takze to jdu zkusit znovu:-(

[pupupaj]

Ahojky! Mam takovy problem. Nemuzu dostat ten velky scan z gmeru. V nouzovem rezimu je blbe rozliseni a ja nejsem schopna dostat se v oknu niz nez na tlacitko Scan. Nemas nejaky napad, jak se dostat na Safe?

Zatim stahnu jeste ten dalsi odkaz.

Diky!

[pupupaj]

Tady je mbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK