VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský kůň

https://forum.viry.cz:443/viewtopic.php?t=101370

Stránka 1 z 2

Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský kůň

Napsal: 23 kvě 2010 22:44
od j7n
Dobrý večer.
Text v předmětu mi vypsal ESET Smart Security 4.
Je to můj 1. vážný vir, fakt si s ním nevím rady.
Zkoušel jsem dle návodu Konzoli pro zotavení, ale neuspěšně. Vždy se mi to seklo.
Snad mi tu ěkdo poradíte jak s tím prevíta zabít.
Přidávám logy:
Combofix
ComboFix 10-05-23.04 - J7N 23.05.2010 23:22:16.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.589 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: ComboFix
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\svchost.exe
c:\documents and settings\All Users.WINDOWS\Data aplikací\Wyeke
c:\documents and settings\J7N.J7N-66C4CED9D23\ctfmon.exe
c:\documents and settings\J7N.J7N-66C4CED9D23\Dokumenty\cc_20100523_183657.reg
c:\program files\Wyeke
c:\program files\Wyeke\uninstall.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
C:\Thumbs.db
c:\windows\system32\Data
c:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-23 do 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 21:00 . 2010-05-23 20:55 390144 ----a-w- c:\windows\system32\CF11050.exe
2010-05-23 08:21 . 2010-05-23 08:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 18:37 . 2010-05-22 18:37 -------- d-----w- c:\documents and settings\J7N.J7N-66C4CED9D23\DoctorWeb
2010-05-21 08:50 . 2010-05-21 08:48 344576 ----a-w- c:\windows\system32\berounak.exe
2010-05-21 08:48 . 2010-05-21 08:48 344576 ----a-w- c:\windows\system32\roolafyliw.exe
2010-05-02 15:51 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-02 15:50 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-05-02 15:49 . 2010-05-09 05:56 -------- d-----w- c:\program files\Nokia

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 05:56 . 2009-10-18 18:50 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-02 15:57 . 2010-05-02 15:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-02 15:57 . 2010-05-02 15:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-02 15:51 . 2009-08-15 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 20:22 . 2010-04-20 20:22 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 20:21 . 2010-04-20 20:21 -------- d-----w- c:\program files\Microsoft.NET
2010-04-14 15:29 . 2001-10-25 14:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 15:29 . 2001-10-25 14:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-04-14 15:29 . 2010-04-14 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-14 15:28 . 2010-04-14 15:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-13 16:59 . 2010-04-13 16:59 -------- d-----w- c:\program files\CoreCodec
2010-04-12 20:33 . 2005-03-05 11:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 16:18 . 2010-03-31 16:18 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 17:22 . 2010-03-26 17:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-26 17:21 . 2005-03-16 18:08 -------- d-----w- c:\program files\ATI Technologies
2010-03-26 17:21 . 2010-03-26 17:21 -------- d-----w- c:\program files\ATI
2010-03-09 02:28 . 2009-10-15 20:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 04:21 . 2009-10-15 12:33 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2006-02-21 18:20 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-03-26 17:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-03-26 17:21 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-03-26 17:21 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2006-02-21 18:11 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-03-26 17:21 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2009-10-15 12:33 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2009-10-15 12:33 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2006-02-21 18:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2009-10-15 12:33 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2006-02-21 18:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-03-26 17:21 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-03-26 17:21 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2006-02-21 18:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2006-02-21 18:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2006-02-21 18:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2006-02-21 18:39 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2006-02-21 18:38 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-03-26 17:21 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2006-02-21 18:11 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-03-26 17:21 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2006-02-21 18:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-03-26 17:21 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2009-10-15 12:33 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2006-02-21 18:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-03-26 17:21 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-03-26 17:21 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-26 11:32 . 2009-10-18 18:50 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-02-26 11:32 . 2009-10-18 18:50 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-26 11:32 . 2009-10-18 18:50 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-26 11:32 . 2009-10-18 18:50 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-26 11:32 . 2009-10-18 18:50 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-26 11:32 . 2009-10-18 18:50 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-02-26 11:21 . 2009-10-18 18:50 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-02-26 11:21 . 2009-10-18 18:50 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-02-25 19:55 . 2006-02-13 11:29 201875 ----a-w- c:\windows\system32\atiicdxx.dat
.

------- Sigcheck -------

[-] 2009-10-15 . B1C66D7B244FC4E2B034D50E86E4E991 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="e:\programy\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"WinampAgent"="e:\programy\Winamp\winampa.exe" [2009-07-01 37888]
"egui"="e:\programy\ESET 4\egui.exe" [2009-09-11 2054360]
"StartCCC"="e:\programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"pouga"="c:\windows\system32\roolafyliw.exe" [2010-05-21 344576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"e:\\Programy\\uTorrent\\utorrent.exe"=
"i:\\HRY\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 8:23 108792]
R2 ekrn;ESET Service;e:\programy\ESET 4\ekrn.exe [11.9.2009 8:24 735960]
R2 iim9cotmohu;Backbone Service;c:\windows\system32\berounak.exe [21.5.2010 10:50 344576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.10.2009 21:47 717296]
S2 aitdku;\??\C:;\??\c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\tbkur.sys --> c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\tbkur.sys [?]
S3 G Data Tuner Service;G Data Tuner Service;e:\programy\GData\AVKTuner\AVKTunerService.exe --> e:\programy\GData\AVKTuner\AVKTunerService.exe [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\ndiskio.sys --> c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\ndiskio.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18.10.2009 20:50 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [18.10.2009 20:50 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [6.12.2009 14:08 32377]
S3 Serenade;Serenade USB DFU Device;c:\windows\system32\drivers\Serenadedfu.sys [17.11.2009 13:25 14336]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\unhookmbrs.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\J7N.J7N-66C4CED9D23\Data aplikací\Mozilla\Firefox\Profiles\zq6vfpc8.default\
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: e:\programy\JAVA\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\programy\JAVA\bin\new_plugin\npjp2.dll

---- NASTAVENÍ FIREFOXU ----
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Nokia PC Suite - c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze_web.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 23:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-05-23 23:27:50
ComboFix-quarantined-files.txt 2010-05-23 21:27

Před spuštěním: 2 779 774 976
Po spuštění: 4 690 731 008

- - End Of File - - 33E213629E7B33807DF9B2C2F45DE231


Trend Micro HijackThis v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:39, on 23.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Programy\ESET 4\ekrn.exe
C:\WINDOWS\system32\berounak.exe
C:\WINDOWS\system32\berounak.exe
E:\Programy\JAVA\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\J7N.J7N-66C4CED9D23\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\JAVA\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programy\JAVA\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "E:\Programy\ESET 4\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [pouga] C:\WINDOWS\system32\roolafyliw.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Programy\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = E:\Programy\ESET 4\MiNODLogin\MiNODLogin.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Programy\ESET 4\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Programy\ESET 4\ekrn.exe
O23 - Service: G Data Tuner Service - Unknown owner - E:\Programy\GData\AVKTuner\AVKTunerService.exe (file missing)
O23 - Service: Backbone Service (iim9cotmohu) - Four-F - C:\WINDOWS\system32\berounak.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programy\JAVA\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4441 bytes

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 24 kvě 2010 05:03
od Caroprd111
Zdravím :)


Podle pravidel fóra se zde nelegálním softwarem nezabýváme (nelegální programy představují bezpečnostní hrozbu).
Obstarejte si legální zabezpečení PC (antivir, firewall), poté sem vložte log z RSIT a log z CKScanner.

Vyberte si třeba free Aviru nebo Avast + nějaký firewall (doporučuji ZoneAlarm) http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Obrázek Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe
  • Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
  • Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.


Nedoporučuji používat ComboFix z vlastní iniciativy, může dojít k poškození systému!

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 09:02
od j7n
O.K. Eset jsem odinstaloval, nyní mám Aviru. Ta mi Mebroota nehlásí.
Zde je požadovaný log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\windows\system32\oobe\antiwpa_crypt.dll
scanner sequence 3.AP.11
----- EOF -----



=========================================================
Pro jistotu ještě log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:46, on 29.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programy\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Programy\Winamp\winampa.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\roolafyliw.exe
E:\Programy\Avira\AntiVir Desktop\avgnt.exe
E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\MOM.exe
E:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\WINDOWS\system32\roolafyliw.exe
E:\Programy\Nokia\Nokia PC Suite 7\PCSuite.exe
E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
E:\Programy\Avira\AntiVir Desktop\avguard.exe
E:\Programy\Avira\AntiVir Desktop\avshadow.exe
E:\Programy\JAVA\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Programy\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\J7N.J7N-66C4CED9D23\Plocha\CKScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\J7N.J7N-66C4CED9D23\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\JAVA\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programy\JAVA\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [StartCCC] "E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [pouga] C:\WINDOWS\system32\roolafyliw.exe
O4 - HKLM\..\Run: [avgnt] "E:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Programy\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Programy\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Programy\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: G Data Tuner Service - Unknown owner - E:\Programy\GData\AVKTuner\AVKTunerService.exe (file missing)
O23 - Service: Backbone Service (iim9cotmohu) - Four-F - C:\WINDOWS\system32\berounak.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programy\JAVA\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5651 bytes

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 09:54
od Caroprd111
c:\windows\system32\oobe\antiwpa_crypt.dll - nelegální Windows

:closed:

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 12:00
od j7n
O.K. Licence vyřešena. Log je nyní:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 14:30
od Caroprd111
Dejte log z RSIT.

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 14:42
od j7n
Logfile of random's system information tool 1.07 (written by random/random)
Run by J7N at 2010-05-29 15:40:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (24%) free of 15 GB
Total RAM: 1023 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:44, on 29.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programy\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Programy\Winamp\winampa.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\roolafyliw.exe
E:\Programy\Avira\AntiVir Desktop\avgnt.exe
E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\MOM.exe
E:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\WINDOWS\system32\roolafyliw.exe
E:\Programy\Nokia\Nokia PC Suite 7\PCSuite.exe
E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
E:\Programy\Avira\AntiVir Desktop\avguard.exe
E:\Programy\Avira\AntiVir Desktop\avshadow.exe
E:\Programy\JAVA\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Programy\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
E:\Programy\Recepty doma\ReceptyDoma.exe
C:\Documents and Settings\J7N.J7N-66C4CED9D23\Plocha\RSIT.exe
C:\Program Files\trend micro\J7N.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\JAVA\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programy\JAVA\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [StartCCC] "E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [pouga] C:\WINDOWS\system32\roolafyliw.exe
O4 - HKLM\..\Run: [avgnt] "E:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Programy\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Programy\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Programy\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: G Data Tuner Service - Unknown owner - E:\Programy\GData\AVKTuner\AVKTunerService.exe (file missing)
O23 - Service: Backbone Service (iim9cotmohu) - Four-F - C:\WINDOWS\system32\berounak.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programy\JAVA\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5889 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Programy\JAVA\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Programy\JAVA\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"WinampAgent"=E:\Programy\Winamp\winampa.exe [2009-07-01 37888]
"StartCCC"=E:\Programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"pouga"=C:\WINDOWS\system32\roolafyliw.exe [2010-05-21 344576]
"avgnt"=E:\Programy\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=E:\Programy\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
"PC Suite Tray"=E:\Programy\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-03-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"E:\Programy\uTorrent\utorrent.exe"="E:\Programy\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"I:\HRY\Need for Speed Most Wanted\speed.exe"="I:\HRY\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-29 15:40:40 ----D---- C:\Program Files\trend micro
2010-05-29 15:40:39 ----DC---- C:\rsit
2010-05-28 23:17:41 ----D---- C:\Documents and Settings\J7N.J7N-66C4CED9D23\Data aplikací\Avira
2010-05-28 23:05:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2010-05-28 23:02:11 ----SHDC---- C:\Config.Msi
2010-05-23 23:27:50 ----AC---- C:\ComboFix.txt
2010-05-23 23:21:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-23 23:21:01 ----A---- C:\WINDOWS\MBR.exe
2010-05-23 23:20:58 ----A---- C:\WINDOWS\PEV.exe
2010-05-23 23:20:57 ----A---- C:\WINDOWS\SWREG.exe
2010-05-23 23:20:56 ----A---- C:\WINDOWS\zip.exe
2010-05-23 23:20:56 ----A---- C:\WINDOWS\sed.exe
2010-05-23 23:20:56 ----A---- C:\WINDOWS\grep.exe
2010-05-23 23:20:55 ----A---- C:\WINDOWS\SWSC.exe
2010-05-23 23:20:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-23 23:00:53 ----D---- C:\WINDOWS\ERDNT
2010-05-23 23:00:14 ----A---- C:\WINDOWS\system32\CF11050.exe
2010-05-23 22:55:51 ----DC---- C:\Qoobox
2010-05-23 12:14:29 ----ASHC---- C:\BOOT.BAK
2010-05-23 12:14:08 ----RASHDC---- C:\cmdcons
2010-05-23 12:14:08 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-05-23 12:14:06 ----D---- C:\WINDOWS\setup.pss
2010-05-23 11:39:25 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2010-05-21 10:50:12 ----A---- C:\WINDOWS\system32\berounak.exe
2010-05-21 10:48:54 ----A---- C:\WINDOWS\system32\roolafyliw.exe
2010-05-09 06:58:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\OviInstallerCache
2010-05-02 17:57:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-05-02 17:50:55 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-05-02 17:49:03 ----D---- C:\Program Files\Nokia

======List of files/folders modified in the last 1 months======

2010-05-29 15:40:44 ----D---- C:\WINDOWS\Prefetch
2010-05-29 15:40:40 ----RAD---- C:\Program Files
2010-05-29 12:58:21 ----D---- C:\WINDOWS\system32\oobe
2010-05-29 12:52:03 ----AC---- C:\fftrlog.txt
2010-05-29 09:53:31 ----D---- C:\WINDOWS\Temp
2010-05-29 09:51:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-29 09:51:33 ----D---- C:\WINDOWS
2010-05-29 09:49:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-29 01:54:05 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-28 23:17:17 ----SHD---- C:\RECYCLER
2010-05-28 23:14:15 ----D---- C:\WINDOWS\repair
2010-05-28 23:14:01 ----D---- C:\WINDOWS\Registration
2010-05-28 23:05:52 ----D---- C:\WINDOWS\system32\drivers
2010-05-28 23:03:35 ----SHD---- C:\WINDOWS\Installer
2010-05-28 23:02:26 ----D---- C:\WINDOWS\system32
2010-05-28 23:02:19 ----HD---- C:\WINDOWS\inf
2010-05-23 23:27:13 ----SD---- C:\WINDOWS\Tasks
2010-05-23 23:26:27 ----AC---- C:\WINDOWS\system.ini
2010-05-23 23:23:51 ----D---- C:\WINDOWS\AppPatch
2010-05-23 23:23:45 ----D---- C:\Program Files\Common Files
2010-05-23 22:59:17 ----SHD---- C:\System Volume Information
2010-05-23 22:59:17 ----D---- C:\WINDOWS\system32\Restore
2010-05-23 19:31:17 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-23 19:29:40 ----D---- C:\WINDOWS\system32\config
2010-05-23 18:36:08 ----D---- C:\WINDOWS\Minidump
2010-05-23 18:36:08 ----D---- C:\WINDOWS\Debug
2010-05-23 12:14:30 ----RASHC---- C:\boot.ini
2010-05-23 11:39:54 ----D---- C:\WINDOWS\WinSxS
2010-05-22 03:19:23 ----D---- C:\TEMP
2010-05-09 21:43:03 ----D---- C:\Documents and Settings\J7N.J7N-66C4CED9D23\Data aplikací\PC Suite
2010-05-09 08:16:50 ----D---- C:\Documents and Settings\J7N.J7N-66C4CED9D23\Data aplikací\Nokia
2010-05-09 07:56:49 ----D---- C:\Program Files\Common Files\Nokia
2010-05-02 18:39:50 ----A---- C:\WINDOWS\ModemLog_Nokia E66 USB Modem.txt
2010-05-02 17:51:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-02 17:51:55 ----D---- C:\Program Files\PC Connectivity Solution
2010-05-02 17:47:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\E:\Programy\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-03-03 4630016]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S2 aitdku;\??\C:\; \??\C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\tbkur.sys []
S3 al1kq7st;al1kq7st; C:\WINDOWS\system32\drivers\al1kq7st.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\catchme.sys []
S3 NDISKIO;NDISKIO; \??\C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\ndiskio.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 Serenade;Serenade USB DFU Device; C:\WINDOWS\System32\Drivers\Serenadedfu.sys [2006-11-09 14336]
S3 UnhookMBRS;UnhookMBRS; \??\C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\unhookmbrs.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; E:\Programy\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; E:\Programy\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-03-03 602112]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; E:\Programy\JAVA\bin\jqs.exe [2010-03-09 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S2 iim9cotmohu;Backbone Service; C:\WINDOWS\system32\berounak.exe [2010-05-21 344576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 G Data Tuner Service;G Data Tuner Service; E:\Programy\GData\AVKTuner\AVKTunerService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 15:06
od Caroprd111
Obrázek Pokud nemáte, přesuňte Combofix na plochu
  • Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pouga"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Driver::
aitdku
al1kq7st
NDISKIO
UnhookMBRS
dwshd
iim9cotmohu

File::
C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\tbkur.sys
C:\WINDOWS\system32\drivers\al1kq7st.sys
C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\ndiskio.sys
C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\unhookmbrs.sys
C:\WINDOWS\System32\drivers\dwshd.sys
C:\WINDOWS\system32\berounak.exe
C:\WINDOWS\system32\roolafyliw.exe
C:\fftrlog.txt

Restore::
c:\windows\system32\winlogon.exe
  • Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
  • Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:

    Obrázek
  • Po aplikaci na Vás vypadne další log,vložte ho sem
Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 15:50
od j7n
Děkuji za rady, můžete mi napsat co se mi v PC děje? Opravdu mám infikovanou operační paměť Mebrootem?
Co hrozí? Děkuji, zde je Log:

ComboFix 10-05-28.08 - J7N 29.05.2010 16:36:10.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.671 [GMT 2:00]
Spuštěný z: c:\documents and settings\J7N.J7N-66C4CED9D23\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\J7N.J7N-66C4CED9D23\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\ndiskio.sys"
"c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\82d38a3a.nmc\nse\bin\unhookmbrs.sys"
"c:\docume~1\J7N~1.J7N\LOCALS~1\Temp\tbkur.sys"
"C:\fftrlog.txt"
"c:\windows\system32\berounak.exe"
"c:\windows\system32\drivers\al1kq7st.sys"
"c:\windows\System32\drivers\dwshd.sys"
"c:\windows\system32\roolafyliw.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fftrlog.txt
c:\windows\system32\berounak.exe
c:\windows\system32\roolafyliw.exe

Nakažená kopie c:\windows\system32\winlogon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\qoobox\Quarantine\C\WINDOWS\system32\winlogon.bak.vir

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AITDKU
-------\Legacy_IIM9COTMOHU
-------\Legacy_NDISKIO
-------\Legacy_UNHOOKMBRS
-------\Service_aitdku
-------\Service_dwshd
-------\Service_iim9cotmohu
-------\Service_NDISKIO
-------\Service_UnhookMBRS


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 14:30 . 2010-05-29 14:30 390144 ----a-w- c:\windows\system32\CF22804.exe
2010-05-29 13:40 . 2010-05-29 13:40 -------- d-----w- c:\program files\trend micro
2010-05-29 13:40 . 2010-05-29 13:40 -------- dc----w- C:\rsit
2010-05-28 21:05 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-28 21:05 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-28 21:05 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-28 21:05 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-28 21:02 . 2010-05-28 21:02 42117 ----a-w- c:\windows\system32\epfwdata.bin
2010-05-23 21:00 . 2010-05-23 20:55 390144 ----a-w- c:\windows\system32\CF11050.exe
2010-05-23 08:21 . 2010-05-23 08:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 18:37 . 2010-05-22 18:37 -------- d-----w- c:\documents and settings\J7N.J7N-66C4CED9D23\DoctorWeb
2010-05-02 15:51 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-02 15:50 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-05-02 15:49 . 2010-05-09 05:56 -------- d-----w- c:\program files\Nokia

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 05:56 . 2009-10-18 18:50 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-02 15:57 . 2010-05-02 15:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-02 15:57 . 2010-05-02 15:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-02 15:51 . 2009-08-15 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 20:22 . 2010-04-20 20:22 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 20:21 . 2010-04-20 20:21 -------- d-----w- c:\program files\Microsoft.NET
2010-04-14 15:29 . 2001-10-25 14:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 15:29 . 2001-10-25 14:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-04-14 15:29 . 2010-04-14 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-14 15:28 . 2010-04-14 15:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-13 16:59 . 2010-04-13 16:59 -------- d-----w- c:\program files\CoreCodec
2010-04-12 20:33 . 2005-03-05 11:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 16:18 . 2010-03-31 16:18 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 17:22 . 2010-03-26 17:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-09 02:28 . 2009-10-15 20:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 04:21 . 2009-10-15 12:33 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2006-02-21 18:20 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-03-26 17:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-03-26 17:21 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-03-26 17:21 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2006-02-21 18:11 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-03-26 17:21 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2009-10-15 12:33 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2009-10-15 12:33 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2006-02-21 18:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2009-10-15 12:33 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2006-02-21 18:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-03-26 17:21 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-03-26 17:21 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2006-02-21 18:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2006-02-21 18:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2006-02-21 18:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2006-02-21 18:39 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2006-02-21 18:38 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-03-26 17:21 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2006-02-21 18:11 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-03-26 17:21 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2006-02-21 18:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-03-26 17:21 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2009-10-15 12:33 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2006-02-21 18:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-03-26 17:21 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-03-26 17:21 65024 ----a-w- c:\windows\system32\amdpcom32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-23_21.26.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-29 14:41 . 2010-05-29 14:41 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
+ 2010-05-28 21:05 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-04-14 06:52 . 2008-04-14 06:52 507904 c:\windows\system32\winlogon.exe
- 2008-04-14 06:52 . 2009-10-15 21:16 507904 c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="e:\programy\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"WinampAgent"="e:\programy\Winamp\winampa.exe" [2009-07-01 37888]
"StartCCC"="e:\programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"avgnt"="e:\programy\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"e:\\Programy\\uTorrent\\utorrent.exe"=
"i:\\HRY\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.10.2009 21:47 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\programy\Avira\AntiVir Desktop\sched.exe [28.5.2010 23:05 135336]
S3 G Data Tuner Service;G Data Tuner Service;e:\programy\GData\AVKTuner\AVKTunerService.exe --> e:\programy\GData\AVKTuner\AVKTunerService.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18.10.2009 20:50 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [18.10.2009 20:50 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [6.12.2009 14:08 32377]
S3 Serenade;Serenade USB DFU Device;c:\windows\system32\drivers\Serenadedfu.sys [17.11.2009 13:25 14336]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\J7N.J7N-66C4CED9D23\Data aplikací\Mozilla\Firefox\Profiles\zq6vfpc8.default\
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: e:\programy\JAVA\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\programy\JAVA\bin\new_plugin\npjp2.dll

---- NASTAVENÍ FIREFOXU ----
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 16:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqj.sys >>UNKNOWN [0x86788938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78a6f28
\Driver\ACPI -> ACPI.sys @ 0xf7701cb8
\Driver\atapi -> atapi.sys @ 0xf7696b40
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf758dbd4
PacketIndicateHandler -> NDIS.sys @ 0xf7599a21
SendHandler -> NDIS.sys @ 0xf758dd44
user & kernel MBR OK
PE file found in sector at 0x02542D703 !
PE file found in sector at 0x02542D757 !
PE file found in sector at 0x02542D76B !
PE file found in sector at 0x02542D7A0 !
PE file found in sector at 0x02542D7E4 !
PE file found in sector at 0x02542D83B !

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(956)
c:\windows\system32\WPDShServiceObj.dll
e:\programy\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
e:\programy\Nokia\Nokia PC Suite 7\NGSCM.DLL
e:\programy\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
e:\programy\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
e:\programy\Avira\AntiVir Desktop\avguard.exe
e:\programy\JAVA\bin\jqs.exe
e:\programy\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
e:\programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\MOM.exe
e:\programy\Ati Catalyst 10_3\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-05-29 16:44:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-29 14:44
ComboFix2.txt 2010-05-23 21:27

Před spuštěním: 3 769 409 536
Po spuštění: 4 171 087 872

- - End Of File - - 15226AF3D94106D5F7B48C7BF90C30EA

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 29 kvě 2010 17:28
od Caroprd111
Mebroot tam bude. Zazálohujte si všechna důležitá data :!:


Obrázek Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek Stáhněte SPTD http://www.duplexsecure.com/en/downloads
  • Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
  • zvolte možnost Uninstall a restartujte PC.

Obrázek Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Klikněte na "Disable" a restartujte PC.

Obrázek Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek Start > Spustit (Win + R)
  • Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t
  • Klikněte na OK
  • Vytvoří se log s názvem mbr.log, vložte ho sem.


Obrázek Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 30 kvě 2010 14:08
od j7n
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x02542D703 !
PE file found in sector at 0x02542D757 !
PE file found in sector at 0x02542D76B !
PE file found in sector at 0x02542D7A0 !
PE file found in sector at 0x02542D7E4 !
PE file found in sector at 0x02542D83B !

Mám 3 disky, 1. rozdělen na 3díly, testoval jsem 1.díl -systémový, 15Gb trvalo přibližně 30min!
Při vytváření logu z Gmeru se mi počítač zasekne(po skončení scanu dám save, napíšu jméno logu, dám uložit, kurzor myši se změní
v přesýpací hodiny, dá se s ním hýbat, ale to je vše.ctrl+alt+del nereaguje, musel jsem dát tvrdý reset.

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 30 kvě 2010 14:12
od Caroprd111
Zkuste Gmer přejmenovat na cokoliv.com a spustit v nouzovém režimu.

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 30 kvě 2010 14:51
od j7n
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 15:47:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\J7N~1.J7N\LOCALS~1\Temp\fgacqaog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA0 0xC6 0xF7 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x45 0x04 0x58 0xDB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x3A 0x0E 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x76 0x03 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE2 0x0C 0x68 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x3A 0x0E 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x76 0x03 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE2 0x0C 0x68 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x3A 0x0E 0x84 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@I:\HRY\LEGO\xae Indiana Jones\x2122 2\Audio\Audio.CFG 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@I:\HRY\LEGO\xae Indiana Jones\x2122 2\Audio\_CutScenes\AkatorHub_Intro.ogg 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@I:\HRY\LEGO\xae Indiana Jones\x2122 2\Audio\_Music\1_0_HUB_1Nepal_Qui.ogg 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@I:\HRY\LEGO\xae Indiana Jones\x2122 2\Movies\PC\attract.bik 1

---- EOF - GMER 1.0.15 ----

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 30 kvě 2010 18:50
od j7n
:( Prosím pomoc :(

Re: Objekt: Operační paměť, Infiltrace:Win32/Mebroot trojský

Napsal: 30 kvě 2010 19:12
od Caroprd111
Obrázek Nabootujte z instalačního CD a vstupte do konzoly pro zotavení. Pro tuto operaci musíte znát heslo k účtu Administrator. Do příkazového řádku napište:

Kód: Vybrat vše

fixmbr
Stskněte >Enter< a potvrďte. Pak napište

Kód: Vybrat vše

exit
opět stiskněte >Enter< . PC se restartuje.



Obrázek Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek Start > Spustit (Win + R)
  • Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t
  • Klikněte na OK
  • Vytvoří se log s názvem mbr.log, vložte ho sem.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz