[ Posts: 29 ]
Posted: 22.05.2009 22:46 | PLEASE HELP WITH A VIRUS !!!

Hi, I had, or still have, viruses.... NOD probably deleted them and no longer finds any, but it seems to me that the problems I have were caused, or are still being caused, by viruses... for example System Restore does not work, nor does creating a restore point, and the programs I downloaded that are meant for viruses and similar filth can be installed but won't start... please help, I think my computer is still infected... I don't know what to do... THANKS A LOT :)
And I also forgot that I can't open the drives by double-clicking and it says the system cannot find the file recycler.... I already fixed this with a trick I found here on the forum, but it is showing up again...


Posted: 22.05.2009 22:53

try cleaning the PC thoroughly in safe mode, and if nothing helps, a reinstall of Windows will definitely help you


Posted by the topic author: 22.05.2009 22:55

What do you mean by clean the PC? With what, please?


Posted: 22.05.2009 22:57

:D you go into safe mode, then run the antivirus and antispyware, and clean the registry :)


Posted by the topic author: 22.05.2009 23:07

but I wrote that the only thing that works for me is NOD32... no antispyware will start... help! :(


Posted: 23.05.2009 0:19

did you try safe mode?


Posted: 23.05.2009 6:03

martinerik2 wrote:
Hi, I had, or still have, viruses.... NOD probably deleted them and no longer finds any, but it seems to me that the problems I have were caused, or are still being caused, by viruses... for example System Restore does not work, nor does creating a restore point, and the programs I downloaded that are meant for viruses and similar filth can be installed but won't start... please help, I think my computer is still infected... I don't know what to do... THANKS A LOT :)
And I also forgot that I can't open the drives by double-clicking and it says the system cannot find the file recycler.... I already fixed this with a trick I found here on the forum, but it is showing up again...


Try putting SUPERAntiSpyware on it, if your internet works so it can update, or put the HDD into another computer and disinfect it there


Posted by the topic author: 23.05.2009 8:41

Yes, I tried safe mode... even there the programs for that filth won't start :jaw: So please, somebody give me some advice... mainly so that I don't have to wipe the disk, it is full of data... And I also forgot that my PC RESTARTS AND FREEZES very often...


Posted: 23.05.2009 13:01

Post a UPM log.


Posted by the topic author: 23.05.2009 18:36

Here is the log... so help me out, experts... :)

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Overení sůborů Microsoftu: Áno
Whitelist: Áno
Internet Explorer v6.00.2900.5512 (xpsp.080413-2105)
Log vygenerovaný:23.5.2009 18:33:37
================================================================

SmallARK
================================================================
[R]NtCreateKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtCreateProcess -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtCreateProcessEx -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtDeleteKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[?]NtEnumerateKey -> spsv.sys
[?]NtEnumerateValueKey -> spsv.sys
[R]NtOpenKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[?]NtQueryKey -> spsv.sys
[?]NtQueryValueKey -> spsv.sys
[R]NtRenameKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtSetValueKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtTerminateProcess -> C:\WINDOWS\system32\drivers\PCTCore.sys


Bežiace procesy
================================================================

C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE
C:\DOCUMENTS AND SETTINGS\MARTIN\DESKTOP\UPM.EXE

Scanner
================================================================
[S] explorer.exe
Spúšťa sa po štarte HKLM Winlogon [Shell]

[R] GoogleUpdate.exe
Spúšťa sa po štarte Job [GOOGLE~1.JOB]

[S] rundll32.exe
Spúšťa sa po štarte HKLM Run [NvCplDaemon]

[?] RTHDCPL.EXE
Spúšťa sa po štarte HKLM Run [RTHDCPL]

[?] winampa.exe
Bez výrobcu
Spúšťa sa po štarte HKLM Run [WinampAgent]
Súbor 25%

[R] jusched.exe
Spúšťa sa po štarte HKLM Run [SunJavaUpdateSched]

[R] egui.exe
Spúšťa sa po štarte HKLM Run [egui]

[S] ctfmon.exe
Spúšťa sa po štarte HKCU Run [CTFMON.EXE]

[?] nvsvc32.exe
Non Microsoft v System32:

[?] CALMAIN.exe
Nemá okno
Súbor 7%

[?] UPM.exe
Súbor 7%


Po spustení
================================================================

HKLM Run
|_ [?][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [?][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [?][WinampAgent] C:\Program Files\Winamp\winampa.exe
|_ [R][egui] C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Súbor nebol nájdený)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

Job
|_ [X][{5B57C~1.JOB] C:\WINDOWS\TEMP\tempo-68906.tmp
|_ [X][{5B57C~1.JOB] C:\WINDOWS\TEMP\tempo-68906.tmp


HKLM BHO
|_ [?][{DBC80044-A445-435b-BC74-9C25C1C588A9}] C:\Program Files\Java\jre6\bin\jp2ssv.dll
|_ [?][{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Služby (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i bezpečné: False)
================================================================
[?] Canon Camera Access Library 8
|_ Cesta: C:\Program Files\Canon\CAL\CALMAIN.exe
| |_ Výrobca: Canon Inc.
| |_ Popis: Canon Camera Access Library 8
| |_ MD5: 8EF654045E518AC00E52E7A1E2D3AD70
|
|_ Meno: CCALib8
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency: stisvc

[X] Služba Google Update (gupdate1c99bd1ca85b440)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobca:
| |_ Popis:
| |_ MD5:
|
|_ Meno: gupdate1c99bd1ca85b440
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Zastavené
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[X] Java Quick Starter
|_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobca:
| |_ Popis:
| |_ MD5:
|
|_ Meno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[?] NVIDIA Display Driver Service
|_ Cesta: C:\WINDOWS\system32\nvsvc32.exe
| |_ Výrobca: NVIDIA Corporation
| |_ Popis: NVIDIA Driver Helper Service, Version 162.30
| |_ MD5: E534FBD8340B7C6C6A80589383430A53
|
|_ Meno: NVSvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:


Ovládače (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i bezpečné: False)
================================================================
[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobca: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: 81B7003BF13FF3AC95D7B2D4C2E8F787
|
|_ Meno: IntcAzAudAddService
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] nv
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
| |_ Výrobca: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 162.30
| |_ MD5: FEE170F182D5167B6E06E490DD7B42D7
|
|_ Meno: nv
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Realtek 10/100/1000 PCI NIC Family NDIS XP Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
| |_ Výrobca: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: 1E11171C0B9989E1BDAA59E96B2E81C4
|
|_ Meno: RTL8023xp
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] sptd
|_ Cesta: C:\WINDOWS\System32\Drivers\sptd.sys
| |_ Výrobca:
| |_ Popis:
| |_ MD5:
|
|_ Meno: sptd
|_ StartName:
|_ Typ spúšťania: Boot Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Start1Driver
|_ Cesta: C:\WINDOWS\system32\drivers\Start1Driver.sys
| |_ Výrobca: F.Y.N. Technology Inc.
| |_ Popis: Start1Driver
| |_ MD5: 6CADDAF4119AAAD4B4DF4A14AA6DA95A
|
|_ Meno: Start1Driver
|_ StartName:
|_ Typ spúšťania: System Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:


lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
----------------------------------------------------------------------------------------
TCP (1280) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2372) alg.exe 127.0.0.1:1029 LISTENING
TCP (3084) firefox.exe 127.0.0.1:1035 <-> 127.0.0.1:1036 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1036 <-> 127.0.0.1:1035 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1043 <-> 127.0.0.1:1044 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1044 <-> 127.0.0.1:1043 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1075 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1077 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1119 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1155 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1157 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1241 <-> 127.0.0.1:30606 ESTABLISHED
TCP (0) 127.0.0.1:1388 TIME_WAIT
TCP (0) 127.0.0.1:1390 TIME_WAIT
TCP (0) 127.0.0.1:1392 TIME_WAIT
TCP (0) 127.0.0.1:1394 TIME_WAIT
TCP (0) 127.0.0.1:1396 TIME_WAIT
TCP (0) 127.0.0.1:1398 TIME_WAIT
TCP (0) 127.0.0.1:1400 TIME_WAIT
TCP (0) 127.0.0.1:1402 TIME_WAIT
TCP (0) 127.0.0.1:1404 TIME_WAIT
TCP (0) 127.0.0.1:1408 TIME_WAIT
TCP (0) 127.0.0.1:1410 TIME_WAIT
TCP (0) 127.0.0.1:1411 TIME_WAIT
TCP (664) jusched.exe 127.0.0.1:1422 <-> 127.0.0.1:30606 ESTABLISHED
TCP (576) jqs.exe 127.0.0.1:5152 LISTENING
TCP (576) jqs.exe 127.0.0.1:5152 CLOSE_WAIT
TCP (1220) ekrn.exe 127.0.0.1:30606 LISTENING
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1075 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1077 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1119 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1155 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1157 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1241 ESTABLISHED
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1422 ESTABLISHED
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (4) Systém 192.168.0.118:139 LISTENING
TCP (4) Systém 192.168.0.118:1054 CLOSE_WAIT
TCP (1220) ekrn.exe 192.168.0.118:1076 <-> 213.215.107.226:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1078 <-> 213.215.107.226:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1120 <-> 213.215.107.229:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1156 <-> 213.215.107.225:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1160 <-> 213.215.107.225:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1242 <-> 213.215.107.218:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 72.246.94.8:80 ESTABLISHED
UDP (1016) lsass.exe 0.0.0.0:500
UDP (1016) lsass.exe 0.0.0.0:4500
UDP (1404) svchost.exe 127.0.0.1:123
UDP (1608) svchost.exe 127.0.0.1:1900
UDP (1404) svchost.exe 192.168.0.118:123
UDP (4) Systém 192.168.0.118:137
UDP (4) Systém 192.168.0.118:138
UDP (1608) svchost.exe 192.168.0.118:1900

Moduly (Zobraz i bezpečné: False, Len bez výrobcu: True, Zobraz registrované: False)
================================================================
[?] unrar.dll
|_ Cesta: C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
|_ MD5: A3922CD380F968B898DA4BB414C38900
|_ Výrobca:
|_ Procesy
|_ AAWService.exe (1656)

[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 387FDF44535C8781606004222B9F5E03
|_ Výrobca: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3084)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 41E5778C1652AE497144E2C33EFDA723
|_ Výrobca: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3084)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ] - Not Registered =(
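The responders in this thread read the anti-rootkit logs by hand, looking for drivers and files the Windows API cannot see and for drivers that hook the SSDT. As an added example (not part of the thread and not code from UPM or RootRepeal), the script below parses a log in the layout of the RootRepeal output posted later in the thread and sorts the findings into critical / review / info buckets. The embedded log is constructed in that layout: the hooking-driver names PCTCore.sys and spub.sys are copied from the thread's log, while samplehidden.sys and the file paths are placeholders. The allowlist of drivers that are expected to hook the SSDT (security suites do this too) is an assumption the analyst supplies.

```python
import re
from collections import defaultdict

# Constructed sample in RootRepeal's layout (not a real scan). Driver and file
# names other than PCTCore.sys / spub.sys are placeholders.
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/24 14:33
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3650000 Size: 98304 File Visible: No
Status: -

Name: samplehidden.sys
Image Path: C:\WINDOWS\system32\drivers\samplehidden.sys
Address: 0xF3819000 Size: 122880 File Visible: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\Program Files\media\CLIP~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\drivers\samplehidden.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Temp\etilqs_sample
Status: Allocation size mismatch (API: 32768, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spub.sys" at address 0xf746bca4

#: 160 Function Name: NtQueryKey
Status: Hooked by "spub.sys" at address 0xf746c10a
"""

# Lines that carry several "Key: value" pairs; everything else is split at the
# first ": " so that paths containing colons survive intact.
MULTI_PAIR_PREFIXES = ("Address:", "#:", "Process:")
PAIR = re.compile(r"(#|[A-Z][A-Za-z ]*?): (.*?)(?=\s+(?:#|[A-Z][A-Za-z ]*): |$)")
HOOK = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
# RootRepeal reports NTFS alternate data streams as path:{GUID}.
ADS_SUFFIX = re.compile(r":\{[0-9a-fA-F-]{36}\}$")


def parse_sections(text):
    """Return {section: [record, ...]}; a section header is a line followed by
    a dashed rule, records inside it are separated by blank lines."""
    sections = defaultdict(list)
    lines = text.splitlines()
    current, record = None, {}

    def flush():
        nonlocal record
        if record and current:
            sections[current].append(record)
        record = {}

    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("---"):        # e.g. "Drivers" above "-----"
            flush()
            current = line.strip()
            continue
        if current is None or line.startswith("---"):
            continue
        if not line.strip():
            flush()
            continue
        if line.startswith(MULTI_PAIR_PREFIXES):
            record.update((k.strip(), v.strip()) for k, v in PAIR.findall(line))
        else:
            key, _, val = line.partition(": ")
            record[key.strip()] = val.strip()
    flush()
    return dict(sections)


def triage(text, known_hookers=frozenset()):
    """Bucket the findings. known_hookers is the analyst's allowlist of drivers
    that are expected to hook the SSDT (an assumption, not from the log)."""
    secs = parse_sections(text)
    report = {"critical": [], "review": [], "info": []}

    # Only the Status field is a signal here: "File Visible: No" is not one by
    # itself (the thread's log shows dump_atapi.sys and rootrepeal.sys with it).
    for d in secs.get("Drivers", []):
        if "Hidden from Windows API" in d.get("Status", ""):
            report["critical"].append(f"hidden driver: {d.get('Name')} ({d.get('Image Path')})")

    for f in secs.get("Hidden/Locked Files", []):
        path, status = f.get("Path", ""), f.get("Status", "")
        if "Invisible to the Windows API" in status:
            report["critical"].append(f"file hidden from the API: {path}")
        elif ADS_SUFFIX.search(path):
            # Assumption: a named stream on a user file is ordinarily metadata,
            # so it is recorded but not escalated.
            report["info"].append(f"alternate data stream: {path}")
        else:
            report["review"].append(f"{status}: {path}")

    hooks = defaultdict(list)                 # hooking driver -> hooked calls
    for h in secs.get("SSDT", []):
        m = HOOK.search(h.get("Status", ""))
        if m:
            hooks[m.group(1)].append(h.get("Function Name", "?"))
    for driver, funcs in hooks.items():
        bucket = "info" if driver in known_hookers else "review"
        report[bucket].append(f"SSDT hooks by {driver}: {', '.join(funcs)}")
    return report


if __name__ == "__main__":
    for level, items in triage(SAMPLE_LOG, known_hookers={"PCTCore.sys"}).items():
        for item in items:
            print(f"[{level.upper():8}] {item}")
```

Running the block prints the two critical findings (the driver that is hidden from the API and its on-disk file, which the API cannot see at all), one review item per unexplained file status and per non-allowlisted hooking driver, and the alternate-data-stream entries as information only. The buckets are a starting point for the kind of manual review done in this thread, not a verdict.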


Posted by the topic author: 23.05.2009 18:41

Linux wrote:
omg, everyone is giving cool advice again... :) clean it with NOD + antispyware... :lol:

//if it hasn't been removed so far, I doubt it will go away this way...

the only sensible advice is: go to br4n0 ;) :)


What about that sensible advice? :-)


Posted: 23.05.2009 19:40

I can't give you specific advice, but try here:

http://www.viry.cz/forum/

They have solutions for almost everything there. They always solved whatever problems I had in the past.


Posted: 23.05.2009 21:25

In UPM choose additional tools - drivers, right-click Start1Driver and Remove.
Then delete C:\WINDOWS\Tasks\5B57C~1.JOB

You could also post a log from rootrepeal.


Posted: 23.05.2009 21:40

OK then... so you can download? Can you burn a CD?... if so, I recommend this:

http://www.secit.sk/content/navody?q=co ... tie-livecd

and if nothing else, try... www.secit.sk


Posted by the topic author: 24.05.2009 14:19

br4n0 wrote:
In UPM choose additional tools - drivers, right-click Start1Driver and Remove.
Then delete C:\WINDOWS\Tasks\5B57C~1.JOB

You could also post a log from rootrepeal.


From where, please, should I delete that file C:\WINDOWS\Tasks\5B57C~1.JOB ??? Because I can't find it in UPM...


Posted by the topic author: 24.05.2009 14:40

Here is the log from rootrepeal... Thanks in advance :)

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/24 14:33
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3650000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B0E000 Size: 8192 File Visible: No
Status: -

Name: gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Address: 0xF3819000 Size: 122880 File Visible: -
Status: Hidden from Windows API!

Name: PCI_PNP8000
Image Path: \Driver\PCI_PNP8000
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA44B000 Size: 45056 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spub.sys
Image Path: spub.sys
Address: 0xF744C000 Size: 1052672 File Visible: No
Status: -

Name: Start1Driver.SYS
Image Path: C:\WINDOWS\System32\Drivers\Start1Driver.SYS
Address: 0xF790E000 Size: 28672 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Program Files\heels\DA_BRI~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\DA_MAR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GINA&L~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\KARINA~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\MGB_BR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\PLIB_N~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\gxvxccounter
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxckptepbvytaeyxjeojxuqmnrrseurkvuk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxcpxrdltareqgooeukdairogqvegoxubqa.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\heels\total new\POVPAN~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\total new\POVPAN~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\red\JB07DC~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\drivers\gxvxcbqoewprrskltoijnbgkvdkmxfqvoyirw.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxckneswxrpnwmiecpjnrjlvmxtqjisqswo.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcowftowqbdqomqxfcxrxhkdkbxrmpxuhj.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcqxsduymawofjgewivaqrxmpcimnwhose.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcwwkteooqxrxumejpyavchosrtxnrirsn.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Martin\Local Settings\Temp\etilqs_SeDNqXsi7FLs1CnLIt6A
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Program Files\heels\ny\cd1\NY5009~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5809~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5C19~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYDC09~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD419~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD819~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\wk5extt3.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wk5extt3.default\Cache\_CACHE_001_
Status: Size mismatch (API: 1085233, Raw: 1084609)

Path: E:\NOVE\Sd8V55.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\VALENT~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\7929VH~1.AVI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf734a282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf734a474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf735bd00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735bfb8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spub.sys" at address 0xf746bca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spub.sys" at address 0xf746c032

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf735a3fa

#: 160 Function Name: NtQueryKey
Status: Hooked by "spub.sys" at address 0xf746c10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spub.sys" at address 0xf746bf8a

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf735c422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735b7d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7349f32

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_CREATE]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_CLOSE]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_POWER]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_PNP]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CREATE]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CLOSE]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_READ]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CLEANUP]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_PNP]
Process: System Address: 0x867a8500 Size: -

Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys


Thread author wrote, 24.05.2009 19:26:

martinerik2 wrote:
Where am I supposed to delete that file C:\WINDOWS\Tasks\5B57C~1.JOB from??? I can't find it in UPM...
Well, I can't find it in Windows using search either, so I don't know...


br4n0 wrote, 25.05.2009 13:20:

Look in C:\WINDOWS\Tasks (in UPM: additional tools - Files - Browse, then Delete). The name will be longer. If you can't find it, never mind. Also delete C:\WINDOWS\TEMP\tempo-68906.tmp

If possible, restart into Safe Mode (F8 while booting)

In RootRepeal, on the tabs listed below, choose Scan, then right-click the listed files and Force Delete (if that doesn't work, Wipe File)

Drivers:
Name: gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys

Name: Start1Driver.SYS
Image Path: C:\WINDOWS\System32\Drivers\Start1Driver.SYS


Files:
C:\WINDOWS\system32\gxvxccounter
C:\WINDOWS\system32\gxvxckptepbvytaeyxjeojxuqmnrrseurkvuk.dll
C:\WINDOWS\system32\gxvxcpxrdltareqgooeukdairogqvegoxubqa.dll
C:\WINDOWS\system32\drivers\gxvxcbqoewprrskltoijnbgkvdkmxfqvoyirw.sys
C:\WINDOWS\system32\drivers\gxvxckneswxrpnwmiecpjnrjlvmxtqjisqswo.sys
C:\WINDOWS\system32\drivers\gxvxcowftowqbdqomqxfcxrxhkdkbxrmpxuhj.sys
C:\WINDOWS\system32\drivers\gxvxcqxsduymawofjgewivaqrxmpcimnwhose.sys
C:\WINDOWS\system32\drivers\gxvxcwwkteooqxrxumejpyavchosrtxnrirsn.sys

Restart and post a new log.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Thread author wrote, 25.05.2009 15:32:

here is another log from RootRepeal... I don't know whether I managed to do everything... thanks in advance :D

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/25 15:26
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF34F9000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AB6000 Size: 8192 File Visible: No
Status: -

Name: PCI_PNP1248
Image Path: \Driver\PCI_PNP1248
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA21A000 Size: 45056 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spzw.sys
Image Path: spzw.sys
Address: 0xF744C000 Size: 1052672 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Program Files\heels\DA_BRI~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\DA_MAR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GINA&L~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\KARINA~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\MGB_BR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\PLIB_N~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\total new\POVPAN~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\total new\POVPAN~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\red\JB07DC~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Martin\Local Settings\Temp\etilqs_aZUNjpRXNQ7R0UcQEPxn
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Program Files\heels\ny\cd1\NY5009~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5809~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5C19~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYDC09~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD419~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD819~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\Sd8V55.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\VALENT~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\7929VH~1.AVI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf734a282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf734a474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf735bd00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735bfb8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spzw.sys" at address 0xf746bca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spzw.sys" at address 0xf746c032

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf735a3fa

#: 160 Function Name: NtQueryKey
Status: Hooked by "spzw.sys" at address 0xf746c10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spzw.sys" at address 0xf746bf8a

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf735c422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735b7d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7349f32

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_CREATE]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_CLOSE]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_POWER]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_PNP]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_CREATE]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_CLOSE]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_READ]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_CLEANUP]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_PNP]
Process: System Address: 0x86559500 Size: -

Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
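
The two RootRepeal logs in this thread run to hundreds of lines mainly because every redirected IRP dispatch entry is printed as a separate Stealth Object, while the items that actually matter to a responder (the hidden gxvxcserv.sys service, drivers with no visible image on disk, the SSDT hooks and who installed them) are a handful of lines. The triage script below is an added example, not RootRepeal's own code and not anything posted in the thread. It parses RootRepeal's text format as it appears in the logs above (a section header followed by a dashed underline, blank-line-separated records of `Key: value` lines) and collapses the report into the findings an analyst acts on. The sample log is a constructed excerpt of the log posted above; the allow-list of drivers expected to have no visible image (`dump_*` and `rootrepeal.sys`) is an assumption made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in RootRepeal's report format, excerpted from the log posted
# above. Raw string so the Windows paths keep their single backslashes.
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2008
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF34F9000 Size: 98304 File Visible: No
Status: -

Name: spzw.sys
Image Path: spzw.sys
Address: 0xF744C000 Size: 1052672 File Visible: No
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spzw.sys" at address 0xf746bca4

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f671f8 Size: -

Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z/ ]+)\n-{5,}\n", re.M)
HOOK_RE = re.compile(r'Hooked by "(?P<module>[^"]+)"')
FUNC_RE = re.compile(r"Function Name: (?P<func>\S+)")
STEALTH_RE = re.compile(r"\[Driver: (?P<driver>.*?), (?P<irp>IRP_MJ_[A-Z_]+)\]")
# Assumed allow-list: drivers that report "File Visible: No" on a clean XP box
# (crash-dump stubs and the scanner's own driver). Anything else is reviewed.
EXPECTED_INVISIBLE = ("dump_", "rootrepeal.sys")


def split_sections(text):
    """Map each 'Header' + dashed-underline block of the log to its body text."""
    matches = list(SECTION_RE.finditer(text))
    ends = [m.start() for m in matches[1:]] + [len(text)]
    return {m.group("name").strip(): text[m.end():end] for m, end in zip(matches, ends)}


def records(body):
    """Split a section body into blank-line-separated records, each a dict of 'Key: value'."""
    out = []
    for chunk in re.split(r"\n\s*\n", body.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if lines:
            out.append({"_lines": lines, **dict(ln.split(": ", 1) for ln in lines if ": " in ln)})
    return out


def triage(text):
    """Reduce a RootRepeal log to the items a responder acts on."""
    secs = split_sections(text)
    # A service that is running but hidden from the service manager is never benign.
    hidden = [(r.get("Service Name"), r.get("Image Path"))
              for r in records(secs.get("Hidden Services", ""))]
    # Loaded drivers with no visible image on disk, minus the expected ones.
    invisible = [r.get("Name", "?") for r in records(secs.get("Drivers", ""))
                 if "File Visible: No" in " ".join(r["_lines"])
                 and not r.get("Name", "").lower().startswith(EXPECTED_INVISIBLE)]
    # SSDT hooks grouped by the installing module: shows at a glance which
    # products (AV, disc emulation, unknown drivers) are patching the kernel.
    hooks = defaultdict(list)
    for r in records(secs.get("SSDT", "")):
        f, h = FUNC_RE.search(r["_lines"][0]), HOOK_RE.search(r.get("Status", ""))
        if f and h:
            hooks[h.group("module")].append(f.group("func"))
    # Stealth objects grouped by driver: one redirected dispatch table is one
    # finding, not twenty separate ones.
    stealth = defaultdict(list)
    for r in records(secs.get("Stealth Objects", "")):
        m = STEALTH_RE.search(r.get("Object", ""))
        if m:
            stealth[m.group("driver")].append(m.group("irp"))
    return {"hidden_services": hidden, "invisible_drivers": invisible,
            "ssdt_hooks": dict(hooks), "stealth_by_driver": dict(stealth)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log above, the Stealth Objects collapse to one entry per driver, the hidden service surfaces on its own line, and the SSDT hooks split into two groups by installing module. Which of those modules belong to legitimately installed products is a judgement the analyst still has to make (extending `EXPECTED_INVISIBLE` or adding a similar allow-list for hook modules is the natural next step); the value of the script is that the decision is made over a dozen lines rather than a thousand.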


br4n0 wrote, 25.05.2009 16:29:

Repeat it once more in Services:
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys

Restart and post the log.


Thread author wrote, 25.05.2009 16:31:

what do you mean, in services? could you please describe it in more detail?


br4n0 wrote, 25.05.2009 18:39:

Sorry, I stated that imprecisely. The Hidden Services tab in RootRepeal. Same removal procedure. The entry:
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys


Thread author wrote, 26.05.2009 11:08:

br4n0 wrote:
Sorry, I stated that imprecisely. The Hidden Services tab in RootRepeal. Same removal procedure. The entry:
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys


Please, is it still necessary to do this now that some of the programs against that crap can start up? :)


br4n0 wrote, 27.05.2009 0:54:

It would be good to finish it (you don't need to post the log anymore). The "anti" tools probably won't help you.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline

User

Registered: 06.03.09
Last login: 31.03.14
Posts: 70
Topics: 17 | 17
Posted by topic author: 27.05.2009 10:16 | PLEASE HELP WITH A VIRUS !!!

Help! Please, I have a problem... I did what you told me last time, but it didn't work... When I chose Force delete, it threw "Could not force-delete file, Error code..." and when I chose Wipe file, it said "Could not find file on disk!" THANKS :)


Offline

Experienced user

Registered: 22.03.07
Last login: 14.06.14
Posts: 2108
Topics: 15 | 15
Location: Bratislava V
Posted: 27.05.2009 11:33 | PLEASE HELP WITH A VIRUS !!!

You can try GMER. Wait for the initial scan to finish, then click the ">>>" tab, click Services, find gxvxcserv.sys, right-click it and choose Delete.
GMER may throw an error, but it should delete it. Basically it is no longer critical anyway, since the malware has been removed.


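What RootRepeal's Hidden Services tab and GMER's Services tab are doing in the two posts above is a cross-view comparison: one view of the installed services (read directly from the hive and disk structures) is checked against what the running system's APIs report, and any entry present in one view but not the other is flagged. The following PowerShell script is an added example that reproduces that idea with only built-in cmdlets; it is not part of the original thread and not how RootRepeal or GMER are implemented. It compares the registry's service keys with the Service Control Manager and WMI views, then checks whether each suspect's ImagePath is visible on disk, which is the "Could not find file on disk" situation reported above. The service name gxvxcserv.sys is the one quoted in the thread; the function names, the parameter and the filtering rules are my own assumptions. It assumes an elevated PowerShell prompt on Windows.

```powershell
# Added example, not from the thread and not RootRepeal/GMER code. Cross-view check for a
# service that hides from the live Windows view: compares the registry's service list
# against what the Service Control Manager and WMI report, then checks whether each
# suspect's ImagePath is visible on disk. Run from an elevated PowerShell prompt.
# The default suspect name is the one quoted in the thread; everything else is assumed.

param(
    [string[]]$SuspectNames = @('gxvxcserv.sys')
)

$regRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Turn a driver ImagePath as stored in the registry into an absolute path.
# Drivers use forms such as 'system32\drivers\x.sys', '\SystemRoot\...' or '\??\C:\...'.
function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                       # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\WINDOWS\...
    $p = $p -replace '^%SystemRoot%\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    # Win32 services may carry arguments after the executable; keep only the file.
    if ($p -match '^(.+?\.(exe|sys|dll))') { $p = $Matches[1] }
    return $p
}

# View 1: the registry. Only keys that look like real service/driver definitions
# (they have a Type and an ImagePath), so filter-driver GUID keys etc. do not add noise.
$registryView = @(Get-ChildItem -Path $regRoot | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    if ($null -ne $props.Type -and $props.ImagePath) { $_.PSChildName }
})

# View 2: the live API. Get-Service lists Win32 services; Win32_SystemDriver lists kernel drivers.
$liveView = @(Get-Service -ErrorAction SilentlyContinue | ForEach-Object Name) +
            @(Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object Name)
$liveView = @($liveView | Sort-Object -Unique)

# Entries the registry holds but the live API does not report. This list is usually
# short but not empty on a clean machine, so treat it as leads, not as verdicts.
$onlyInRegistry = @($registryView | Where-Object { $liveView -notcontains $_ })

# One row per service: is it in the registry, does the live API know it, and is the
# file its ImagePath points at actually visible through the normal file system view?
function Test-ServiceVisibility {
    param([Parameter(Mandatory)][string]$Name)
    $key = Join-Path $regRoot $Name
    $row = [ordered]@{
        Name        = $Name
        InRegistry  = Test-Path -LiteralPath $key
        InLiveView  = ($liveView -contains $Name)
        ImagePath   = $null
        FileVisible = $null
    }
    if ($row.InRegistry) {
        $row.ImagePath = Resolve-ImagePath (Get-ItemProperty -LiteralPath $key).ImagePath
        if ($row.ImagePath) { $row.FileVisible = Test-Path -LiteralPath $row.ImagePath }
    }
    [pscustomobject]$row
}

# Report: the explicit suspects first, then whatever the cross-view diff turned up.
$candidates = @($SuspectNames) + $onlyInRegistry | Sort-Object -Unique
$report = @($candidates | ForEach-Object { Test-ServiceVisibility -Name $_ })
$report | Format-Table -AutoSize

# A row with InRegistry=True but InLiveView=False, or an ImagePath whose file is not
# visible, is the inconsistency the thread describes ("Could not find file on disk").
$report |
    Where-Object { ($_.InRegistry -and -not $_.InLiveView) -or ($_.FileVisible -eq $false) } |
    ForEach-Object { Write-Warning "Inconsistent view for service '$($_.Name)': $($_.ImagePath)" }
```

The caveat that matters in this thread: the script runs inside the possibly compromised system and goes through the same registry and file APIs a kernel rootkit can hook, so a driver that filters its own key and its own file out of every in-band view will look consistent here. That is why RootRepeal and GMER parse the raw hive and on-disk structures themselves, and why the definitive check is to read the SYSTEM hive and the drivers directory from a clean boot environment (a rescue CD or WinPE), where the rootkit's driver is not loaded.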
Offline

User

Registered: 06.03.09
Last login: 31.03.14
Posts: 70
Topics: 17 | 17
Posted by topic author: 27.05.2009 13:51 | PLEASE HELP WITH A VIRUS !!!

Listen, is it necessary to do this with GMER in safe mode? Because it has already been scanning for an hour... :jaw:


Offline

Experienced user

Registered: 22.03.07
Last login: 14.06.14
Posts: 2108
Topics: 15 | 15
Location: Bratislava V
Posted: 27.05.2009 13:53 | PLEASE HELP WITH A VIRUS !!!

No, safe mode isn't needed.


Offline

User

Registered: 06.03.09
Last login: 31.03.14
Posts: 70
Topics: 17 | 17
Posted by topic author: 27.05.2009 15:49 | PLEASE HELP WITH A VIRUS !!!

Well, I've done it now... it displayed "WARNING! GMER has found system modification caused by ROOTKIT activity". But after that I think it was no longer there, I mean the virus... hopefully it's fine... Anyway, thanks a lot for advising me :)


© 2005 - 2017 PCforum, edited by JanoF