Prosím o kontrolu, asi mám virus

pitimir · Příspěvek od **pitimir** » 19 srp 2009 15:09

Do /code si mi to dal narocky?

Otestuj subor(y) na VIRUSTOTALe:

c:\windows\system32\drivers\tcpip.sys
d:\hry\UltraStar Deluxe\zlportio.sys

Ak vypise, ze subor uz bol testovany, daj ho otestovat znovu. Vysledok posli ako LINK.

Ten prvy nepresiel Sigcheckom, druhy nepoznam.

JanHonJan · Příspěvek od **JanHonJan** » 19 srp 2009 15:50

Ne, proč?

Tady jsou ty výsledky: tcpip.sys. V adresáři D:\Hry\UltraStar Deluxe\ ale žádný soubor zlportio.sys nevidím ... Mimochodem, ta cedulka zatím nenaskočila.

(tcpip.sys neprošel asi proto, protože jsem ho upravoval

)

pitimir · Příspěvek od **pitimir** » 19 srp 2009 19:05

To je dobre, ze to uz neskace. Este jedna otazka - poznas tu hru UltraStar Deluxe?

JanHonJan · Příspěvek od **JanHonJan** » 19 srp 2009 19:43

Doufám, že už tu ten virus není

. Mám ještě poslat z něčeho log, jen tak pro jistotu?

Jo, UltraStar Deluxe znám a jen jsem to tak zkoušel

, nehraju to nějak aktivně

.

pitimir · Příspěvek od **pitimir** » 20 srp 2009 09:16

Hod mi este jeden ComboFix (bez /code a /quote

). Takze uz neskace?

JanHonJan · Příspěvek od **JanHonJan** » 20 srp 2009 11:06

Ne, neskáče. Alespoň při posledních 3 spuštěních nevyskočila.

Mimochodem, když jsem dnes pustil PC, vyskočil mi avast! s tím, že nalezl v C:/Program Files/Common Files virus - Win32/Induc. Tak jsem ho smazal. Ale v Delphi nedělám a nikdy jsem nedělal, tak snad to nevadí.

ComboFix hodím

.

JanHonJan · Příspěvek od **JanHonJan** » 20 srp 2009 11:25

Tady je ten log:

ComboFix 09-08-19.04 - JanHonJan 20.08.2009 11:11.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1279.762 [GMT 2:00]
Spuštěný z: c:\documents and settings\JanHonJan\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090819-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-20 do 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-18 15:15 . 2007-12-26 15:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-08-18 15:15 . 2007-12-26 15:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-08-18 11:56 . 2009-08-18 11:56 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-08-08 17:19 . 2009-08-08 17:19 -------- d-----w- c:\windows\system32\Futuremark
2009-08-08 17:19 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-08-08 17:19 . 2009-08-08 17:19 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-08-01 21:29 . 2009-08-01 21:29 -------- d-----w- c:\program files\Windows Journal Viewer
2009-08-01 19:04 . 2009-08-19 18:13 -------- d-----w- c:\documents and settings\JanHonJan\Tracing
2009-08-01 19:02 . 2009-08-01 19:02 -------- d-----w- c:\program files\Microsoft
2009-08-01 19:01 . 2009-08-01 19:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-01 19:01 . 2009-08-01 19:02 -------- d-----w- c:\program files\Windows Live
2009-08-01 18:57 . 2009-08-01 18:57 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-30 20:54 . 2009-08-01 18:54 -------- d-----w- c:\program files\ViGlance
2009-07-30 20:51 . 2009-08-01 18:54 -------- d-----w- c:\program files\ViSplore
2009-07-29 17:59 . 2009-07-29 18:00 -------- d-----w- c:\windows\.file_store_32
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 16:50 . 2008-09-05 13:38 34 ----a-w- c:\documents and settings\JanHonJan\jagex_runescape_preferences.dat
2009-08-19 13:40 . 2004-08-03 21:14 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-15 14:17 . 2009-04-11 16:36 -------- d-----w- c:\program files\ATI Technologies
2009-08-08 17:19 . 2008-07-03 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 15:30 . 2008-07-06 08:23 -------- d-----w- c:\program files\Lx_cats
2009-07-30 17:55 . 2004-08-17 13:49 4154368 ----a-w- c:\windows\system32\logonuiX.exe
2009-07-30 17:54 . 2009-05-29 16:21 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-06-30 21:22 . 2008-10-17 14:21 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2009-06-30 18:18 . 2009-06-30 18:18 6820 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-20 08:59 . 2009-06-20 08:59 53248 ----a-w- c:\documents and settings\JanHonJan\lametritonus_en.dll
2009-06-20 08:59 . 2009-06-20 08:59 162304 ----a-w- c:\documents and settings\JanHonJan\lame_enc_en.dll
2009-06-19 18:39 . 2009-06-19 18:31 798720 ----a-w- c:\windows\GPInstall.exe
2009-05-31 20:18 . 2009-05-31 20:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-28 18:14 . 2009-05-28 18:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2004-08-17 13:49 . 2008-07-17 09:28 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_11.19.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 09:01 . 2009-08-20 09:01 16384 c:\windows\Temp\Perflib_Perfdata_980.dat
- 2009-08-18 20:15 . 2009-08-18 20:15 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2009-08-20 09:01 . 2009-08-20 09:01 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2009-05-19 15:28 . 2009-08-19 16:50 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 15:28 . 2009-08-18 10:07 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 15:28 . 2009-08-19 16:50 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-19 15:28 . 2009-08-18 10:07 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\Daemon Tools\daemon.exe" [2008-07-08 486856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
"Sony Ericsson PC Suite"="d:\programy\SE PC Suite\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Google Update"="c:\documents and settings\JanHonJan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-07-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\AVAST!~1\ashDisp.exe" [2009-02-05 81000]
"lxbumon.exe"="c:\program files\Lexmark 6200 Series\lxbumon.exe" [2004-09-22 188416]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-09-22 299008]
"EzPrint"="c:\program files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 61440]
"Adobe Reader Speed Launcher"="d:\programy\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSTray"="d:\programy\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"ContentTransferWMDetector.exe"="d:\programy\Sony Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\programy\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="d:\programy\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"LogonStudio"="d:\programy\Stardock\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 69632]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\JanHonJan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - d:\programy\OpenOffice.org\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
WinFlip.lnk - d:\programy\WinFlip\WinFlip.exe [2009-8-13 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-31 15:00 210168 ----a-w- d:\programy\Stardock\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Programy\\ICQ 6.5\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.7.2008 15:15 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [24.9.2008 21:56 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.7.2008 15:15 20560]
S2 gupdate1c9862bdc32f4d4;Google Update Service (gupdate1c9862bdc32f4d4);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 20:18 133104]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S3 cpuz130;cpuz130;\??\c:\docume~1\JANHON~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\JANHON~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [26.12.2008 0:00 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [26.12.2008 0:00 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [26.12.2008 0:00 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [26.12.2008 0:00 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [26.12.2008 0:00 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [26.12.2008 0:00 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [26.12.2008 0:00 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [26.12.2008 0:00 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [26.12.2008 0:00 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [26.12.2008 0:00 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [26.12.2008 0:00 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [26.12.2008 0:00 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [26.12.2008 0:00 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [26.12.2008 0:00 117672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [19.7.2008 21:13 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [19.7.2008 21:13 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [19.7.2008 21:13 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [19.7.2008 21:13 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [19.7.2008 21:13 98568]
S3 zlportio;zlportio;\??\d:\hry\UltraStar Deluxe\zlportio.sys --> d:\hry\UltraStar Deluxe\zlportio.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
Obsah adresáře 'Naplánované úlohy'

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:18]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/" onclick="window.open(this.href);return false;
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download with Free Download Manager - file://d" onclick="window.open(this.href);return false;:\programy\Free Download Manager\dllink.htm
TCP: {B4DD0554-5777-4884-BC02-8DDACB844BF7} = 10.10.10.1,10.10.10.2
FF - ProfilePath - c:\documents and settings\JanHonJan\Data aplikací\Mozilla\Firefox\Profiles\buv56uf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz" onclick="window.open(this.href);return false;
FF - prefs.js: network.proxy.type - 4
FF - component: d:\programy\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: d:\programy\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programy\Mozilla Firefox\plugins\NPCentraUpdater.dll

---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\programy\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\programy\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-08-20 11:18
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1284227242-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
d:\programy\Stardock\WindowBlinds\WBSrv.dll

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
d:\programy\Stardock\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-08-20 11:21
ComboFix-quarantined-files.txt 2009-08-20 09:21
ComboFix2.txt 2009-08-19 11:30

Před spuštěním: 5 578 084 352
Po spuštění: 6 668 931 072

238 --- E O F --- 2008-07-12 20:00

Doufám, že je tam něco špatně

, protože mám pořád pocit, že je tu virus/trojan/keylogger ...

pitimir · Příspěvek od **pitimir** » 20 srp 2009 12:50

A co ta k tomu pocitu vedie?
Pozrieme sa na rootkity:

1) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a vpravo zafajknes vsetky polozky OKREM:

Sections
IAT/EAT
Registry
nesystemovych diskov a particii (system je zvycajne na "C:\" - takze nezaskrtnute nechas "D:\", "E:\"...atd.)
Show All

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

2) Stiahni RootRepeal. Spustis program, kliknes na "Report" -> "Scan" a zafajknes vsetky polozky. Stlac "OK" a spusti sa scan. Po jeho dokonceni klik na "Save Report" a vzniknuty log skopiruj sem.

Btw, nemas nainstalovany qip?

JanHonJan · Příspěvek od **JanHonJan** » 20 srp 2009 13:09

Prostě mám ten pocit

, měl jsem keylogger, a po startu vyskočí avast! s tím, že mám další virus, ...

QIP mám, ale nepoužívám ho.

Tady je první log z GMERu:

Kód: Vybrat vše

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-20 13:09:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            spqu.sys                     ZwEnumerateKey [0xF74CDCA2]
SSDT            spqu.sys                     ZwEnumerateValueKey [0xF74CE030]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs       8972B1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs       aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Druhý log bohužel nemám; když jsem pustil scan, šel jsem na chvíli pryč od PC, a když jsem se vrátil, monitor byl zaplý, ale celá obrazovka byla černá, takže jsem PC vypnul opět "natvrdo".

A tady je log z RootRepeal:

Kód: Vybrat vše

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/08/20 13:26
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP2
==================================================

Drivers
-------------------
Name: mppwS.sys
Image Path: C:\DOCUME~1\JANHON~1\LOCALS~1\Temp\mppwS.sys
Address: 0xAD5FB000	Size: 84352	File Visible: No	Signed: -
Status: -

Name: PCI_PNP9234
Image Path: \Driver\PCI_PNP9234
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE25E000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spjw.sys
Image Path: spjw.sys
Address: 0xF74AE000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\JanHonJan\Data aplikací\Mozilla\Firefox\Profiles\buv56uf4.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: c:\documents and settings\janhonjan\local settings\data aplikací\mozilla\firefox\profiles\buv56uf4.default\cache\_cache_001_
Status: Size mismatch (API: 855816, Raw: 845899)

Path: c:\documents and settings\janhonjan\local settings\data aplikací\mozilla\firefox\profiles\buv56uf4.default\cache\_cache_002_
Status: Size mismatch (API: 1336886, Raw: 1325889)

Path: c:\documents and settings\janhonjan\local settings\data aplikací\mozilla\firefox\profiles\buv56uf4.default\cache\_cache_003_
Status: Size mismatch (API: 1911868, Raw: 1863834)

Path: C:\Documents and Settings\JanHonJan\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\buv56uf4.default\Cache\25A922D3d01
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\JanHonJan\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\buv56uf4.default\Cache\2BF323ACd01
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025	Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc6b8

#: 041	Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc574

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cca52

#: 068	Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc14c

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "spjw.sys" at address 0xf74cdca2

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "spjw.sys" at address 0xf74ce030

#: 119	Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc64e

#: 122	Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc08c

#: 128	Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc0f0

#: 160	Function Name: NtQueryKey
Status: Hooked by "spjw.sys" at address 0xf74ce108

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc76e

#: 204	Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc72e

#: 247	Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb07cc8ae

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x8972b1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x8972c1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x8972c1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8972c1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x8972c1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8972c1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x8972c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x8947b418	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System	Address: 0x897991f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x895dc1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8972d1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x893bd500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x893bd500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x893bd500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x893bd500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x893bd500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x893bd500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_CREATE]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_CLOSE]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_POWER]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: av0enpy0ȅఉ瑎捦܉@考, IRP_MJ_PNP]
Process: System	Address: 0x89322500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x893b5368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x893131f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_CREATE]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_CLOSE]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_READ]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_CLEANUP]
Process: System	Address: 0x88c4e1f8	Size: 121

Object: Hidden Code [Driver: CdfsЅఈ牓䍓㩼㩼꯰襯㩐ᡜ멳壬, IRP_MJ_PNP]
Process: System	Address: 0x88c4e1f8	Size: 121

==EOF==

pitimir · Příspěvek od **pitimir** » 20 srp 2009 16:42

JanHonJan píše:...Prostě mám ten pocit ...

Toto neberiem, aj ja mam vselijake pocity

JanHonJan píše:...a po startu vyskočí avast! s tím, že mám další virus...

Kedy a kde?

Rootkita nemas.

JanHonJan · Příspěvek od **JanHonJan** » 20 srp 2009 18:04

Po startu PC vyskočil

. Teď už neskáče. A ani ta chyba týkající se 2.exe ne, takže ... DÍKY MOC

. Doufám, že už tady nic není, jdu měnit hesla

.

PC-HELP.CZ

CNEWS

Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus

Re: Prosím o kontrolu, asi mám virus