PLEASE HELP WITH A VIRUS !!!
Posted: 22.05.2009 22:46

Hi, I had, or still have, viruses.... well, NOD has probably deleted them and isn't finding any more, but it seems to me that the problems I have were caused, or are still being caused, by viruses... for example System Restore doesn't work for me, and neither does creating a restore point, and the programs I downloaded that are meant for viruses and similar junk do install but won't run... please help, I think my computer is still infected... I don't know what to do... THANKS A LOT :)
And I also forgot that I can't open my drives by double-clicking, and it says the system cannot find the file recycler.... I already fixed this with a trick I found here on the forum, but it keeps showing it again...


Posted: 22.05.2009 22:53

try cleaning the PC properly once more in safe mode, and if nothing helps, a reinstall of Windows will definitely help







_________________
I don't like people who look for reasons why something wouldn't work.. but people who look for reasons how it could work are beautiful....
Posted by the topic author: 22.05.2009 22:55

What do you mean by cleaning the PC? With what, please?


Posted: 22.05.2009 22:57

:D you go into safe mode, and then run an antivirus, antispyware and clean the registry :)







Posted by the topic author: 22.05.2009 23:07

but I already wrote that the only thing that works for me is NOD32... no antispyware will start... help! :(


Posted: 23.05.2009 0:19

have you tried safe mode?


Posted: 23.05.2009 6:03

martinerik2 wrote:
Hi, I had, or still have, viruses.... well, NOD has probably deleted them and isn't finding any more, but it seems to me that the problems I have were caused, or are still being caused, by viruses... for example System Restore doesn't work for me, and neither does creating a restore point, and the programs I downloaded that are meant for viruses and similar junk do install but won't run... please help, I think my computer is still infected... I don't know what to do... THANKS A LOT :)
And I also forgot that I can't open my drives by double-clicking, and it says the system cannot find the file recycler.... I already fixed this with a trick I found here on the forum, but it keeps showing it again...


Try putting SUPERAntiSpyware on it, if your internet works so it can update, or put the HDD into another computer and disinfect it


Posted by the topic author: 23.05.2009 8:41

Yes, I tried safe mode... the programs for that junk won't run there either :jaw: So please, someone give me some advice... mainly so that I don't have to wipe the disk, it's full of data... And I also forgot that my PC RESTARTS AND FREEZES very often...


Posted: 23.05.2009 13:01

Post a UPM log.







_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Posted by the topic author: 23.05.2009 18:36

Here is the log... so help me out, experts... :)

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Overení sůborů Microsoftu: Áno
Whitelist: Áno
Internet Explorer v6.00.2900.5512 (xpsp.080413-2105)
Log vygenerovaný:23.5.2009 18:33:37
================================================================

SmallARK
================================================================
[R]NtCreateKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtCreateProcess -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtCreateProcessEx -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtDeleteKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[?]NtEnumerateKey -> spsv.sys
[?]NtEnumerateValueKey -> spsv.sys
[R]NtOpenKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[?]NtQueryKey -> spsv.sys
[?]NtQueryValueKey -> spsv.sys
[R]NtRenameKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtSetValueKey -> C:\WINDOWS\system32\drivers\PCTCore.sys
[R]NtTerminateProcess -> C:\WINDOWS\system32\drivers\PCTCore.sys


Bežiace procesy
================================================================

C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE
C:\DOCUMENTS AND SETTINGS\MARTIN\DESKTOP\UPM.EXE

Scanner
================================================================
[S] explorer.exe
Spúšťa sa po štarte HKLM Winlogon [Shell]

[R] GoogleUpdate.exe
Spúšťa sa po štarte Job [GOOGLE~1.JOB]

[S] rundll32.exe
Spúšťa sa po štarte HKLM Run [NvCplDaemon]

[?] RTHDCPL.EXE
Spúšťa sa po štarte HKLM Run [RTHDCPL]

[?] winampa.exe
Bez výrobcu
Spúšťa sa po štarte HKLM Run [WinampAgent]
Súbor 25%

[R] jusched.exe
Spúšťa sa po štarte HKLM Run [SunJavaUpdateSched]

[R] egui.exe
Spúšťa sa po štarte HKLM Run [egui]

[S] ctfmon.exe
Spúšťa sa po štarte HKCU Run [CTFMON.EXE]

[?] nvsvc32.exe
Non Microsoft v System32:

[?] CALMAIN.exe
Nemá okno
Súbor 7%

[?] UPM.exe
Súbor 7%


Po spustení
================================================================

HKLM Run
|_ [?][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [?][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [?][WinampAgent] C:\Program Files\Winamp\winampa.exe
|_ [R][egui] C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Súbor nebol nájdený)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

Job
|_ [X][{5B57C~1.JOB] C:\WINDOWS\TEMP\tempo-68906.tmp
|_ [X][{5B57C~1.JOB] C:\WINDOWS\TEMP\tempo-68906.tmp


HKLM BHO
|_ [?][{DBC80044-A445-435b-BC74-9C25C1C588A9}] C:\Program Files\Java\jre6\bin\jp2ssv.dll
|_ [?][{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Služby (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i bezpečné: False)
================================================================
[?] Canon Camera Access Library 8
|_ Cesta: C:\Program Files\Canon\CAL\CALMAIN.exe
| |_ Výrobca: Canon Inc.
| |_ Popis: Canon Camera Access Library 8
| |_ MD5: 8EF654045E518AC00E52E7A1E2D3AD70
|
|_ Meno: CCALib8
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency: stisvc

[X] Služba Google Update (gupdate1c99bd1ca85b440)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobca:
| |_ Popis:
| |_ MD5:
|
|_ Meno: gupdate1c99bd1ca85b440
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Zastavené
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[X] Java Quick Starter
|_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobca:
| |_ Popis:
| |_ MD5:
|
|_ Meno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[?] NVIDIA Display Driver Service
|_ Cesta: C:\WINDOWS\system32\nvsvc32.exe
| |_ Výrobca: NVIDIA Corporation
| |_ Popis: NVIDIA Driver Helper Service, Version 162.30
| |_ MD5: E534FBD8340B7C6C6A80589383430A53
|
|_ Meno: NVSvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:


Ovládače (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i bezpečné: False)
================================================================
[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobca: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: 81B7003BF13FF3AC95D7B2D4C2E8F787
|
|_ Meno: IntcAzAudAddService
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] nv
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
| |_ Výrobca: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 162.30
| |_ MD5: FEE170F182D5167B6E06E490DD7B42D7
|
|_ Meno: nv
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Realtek 10/100/1000 PCI NIC Family NDIS XP Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
| |_ Výrobca: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: 1E11171C0B9989E1BDAA59E96B2E81C4
|
|_ Meno: RTL8023xp
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] sptd
|_ Cesta: C:\WINDOWS\System32\Drivers\sptd.sys
| |_ Výrobca:
| |_ Popis:
| |_ MD5:
|
|_ Meno: sptd
|_ StartName:
|_ Typ spúšťania: Boot Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Start1Driver
|_ Cesta: C:\WINDOWS\system32\drivers\Start1Driver.sys
| |_ Výrobca: F.Y.N. Technology Inc.
| |_ Popis: Start1Driver
| |_ MD5: 6CADDAF4119AAAD4B4DF4A14AA6DA95A
|
|_ Meno: Start1Driver
|_ StartName:
|_ Typ spúšťania: System Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:


lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
----------------------------------------------------------------------------------------
TCP (1280) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2372) alg.exe 127.0.0.1:1029 LISTENING
TCP (3084) firefox.exe 127.0.0.1:1035 <-> 127.0.0.1:1036 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1036 <-> 127.0.0.1:1035 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1043 <-> 127.0.0.1:1044 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1044 <-> 127.0.0.1:1043 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1075 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1077 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1119 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1155 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1157 <-> 127.0.0.1:30606 ESTABLISHED
TCP (3084) firefox.exe 127.0.0.1:1241 <-> 127.0.0.1:30606 ESTABLISHED
TCP (0) 127.0.0.1:1388 TIME_WAIT
TCP (0) 127.0.0.1:1390 TIME_WAIT
TCP (0) 127.0.0.1:1392 TIME_WAIT
TCP (0) 127.0.0.1:1394 TIME_WAIT
TCP (0) 127.0.0.1:1396 TIME_WAIT
TCP (0) 127.0.0.1:1398 TIME_WAIT
TCP (0) 127.0.0.1:1400 TIME_WAIT
TCP (0) 127.0.0.1:1402 TIME_WAIT
TCP (0) 127.0.0.1:1404 TIME_WAIT
TCP (0) 127.0.0.1:1408 TIME_WAIT
TCP (0) 127.0.0.1:1410 TIME_WAIT
TCP (0) 127.0.0.1:1411 TIME_WAIT
TCP (664) jusched.exe 127.0.0.1:1422 <-> 127.0.0.1:30606 ESTABLISHED
TCP (576) jqs.exe 127.0.0.1:5152 LISTENING
TCP (576) jqs.exe 127.0.0.1:5152 CLOSE_WAIT
TCP (1220) ekrn.exe 127.0.0.1:30606 LISTENING
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1075 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1077 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1119 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1155 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1157 ESTABLISHED
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1241 ESTABLISHED
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (1220) ekrn.exe 127.0.0.1:30606 <-> 127.0.0.1:1422 ESTABLISHED
TCP (0) 127.0.0.1:30606 TIME_WAIT
TCP (4) Systém 192.168.0.118:139 LISTENING
TCP (4) Systém 192.168.0.118:1054 CLOSE_WAIT
TCP (1220) ekrn.exe 192.168.0.118:1076 <-> 213.215.107.226:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1078 <-> 213.215.107.226:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1120 <-> 213.215.107.229:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1156 <-> 213.215.107.225:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1160 <-> 213.215.107.225:80 ESTABLISHED
TCP (1220) ekrn.exe 192.168.0.118:1242 <-> 213.215.107.218:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 72.246.94.8:80 ESTABLISHED
UDP (1016) lsass.exe 0.0.0.0:500
UDP (1016) lsass.exe 0.0.0.0:4500
UDP (1404) svchost.exe 127.0.0.1:123
UDP (1608) svchost.exe 127.0.0.1:1900
UDP (1404) svchost.exe 192.168.0.118:123
UDP (4) Systém 192.168.0.118:137
UDP (4) Systém 192.168.0.118:138
UDP (1608) svchost.exe 192.168.0.118:1900

Moduly (Zobraz i bezpečné: False, Len bez výrobcu: True, Zobraz registrované: False)
================================================================
[?] unrar.dll
|_ Cesta: C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
|_ MD5: A3922CD380F968B898DA4BB414C38900
|_ Výrobca:
|_ Procesy
|_ AAWService.exe (1656)

[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 387FDF44535C8781606004222B9F5E03
|_ Výrobca: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3084)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 41E5778C1652AE497144E2C33EFDA723
|_ Výrobca: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3084)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ] - Not Registered =(


Posted by the topic author: 23.05.2009 18:41

Linux wrote:
omg, everyone's giving cool advice again... :) clean it with NOD + antispyware... :lol:

//if it hasn't been removed by now, I doubt it'll go away this way...

the only sensible advice is br4n0's ;) :)


What about that sensible advice? :-)


Posted: 23.05.2009 19:40

I can't advise you specifically, but try here:

http://www.viry.cz/forum/

They have solutions for almost everything there. They always solved whatever problems I had in the past.







_________________
MB:ASROCK K8NF3-VSTA,GPU:Sapphire HD 2600 XT AGP,CPU:AMD Athlon 64 3200+,RAM:2x1Gb Kingston DDR400,TV card:AVER TV6 Analog,PSU:Fortron 650W,Monitor:ASUS VW 198S,DVD RW:ASUS DRW-2014L1T,HDD:Seagate 250GB+Maxtor 120Gb,Mouse:Microsoft USB Optical 4000,Case:A+ X-BLADE,OS:Windows XP Pro
NB:Toshiba Tecra A10-11M Windows Vista Business
Posted: 23.05.2009 21:25

In UPM choose More tools - Drivers, right-click Start1Driver and Remove.
Then delete C:\WINDOWS\Tasks\5B57C~1.JOB

You could also post a log from RootRepeal.







Posted: 23.05.2009 21:40

OK then... so can you download? Can you burn a CD?... either way, I recommend this:

http://www.secit.sk/content/navody?q=co ... tie-livecd

and if nothing works, try... www.secit.sk


Posted by the topic author: 24.05.2009 14:19

br4n0 wrote:
In UPM choose More tools - Drivers, right-click Start1Driver and Remove.
Then delete C:\WINDOWS\Tasks\5B57C~1.JOB

You could also post a log from RootRepeal.


Where am I supposed to delete that file C:\WINDOWS\Tasks\5B57C~1.JOB from??? Because I can't find it in UPM...


Posted by the topic author: 24.05.2009 14:40

Here is the log from RootRepeal... Thanks in advance :)

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/24 14:33
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3650000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B0E000 Size: 8192 File Visible: No
Status: -

Name: gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Address: 0xF3819000 Size: 122880 File Visible: -
Status: Hidden from Windows API!

Name: PCI_PNP8000
Image Path: \Driver\PCI_PNP8000
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA44B000 Size: 45056 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spub.sys
Image Path: spub.sys
Address: 0xF744C000 Size: 1052672 File Visible: No
Status: -

Name: Start1Driver.SYS
Image Path: C:\WINDOWS\System32\Drivers\Start1Driver.SYS
Address: 0xF790E000 Size: 28672 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Program Files\heels\DA_BRI~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\DA_MAR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GINA&L~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\KARINA~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\MGB_BR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\PLIB_N~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\gxvxccounter
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxckptepbvytaeyxjeojxuqmnrrseurkvuk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxcpxrdltareqgooeukdairogqvegoxubqa.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\heels\total new\POVPAN~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\total new\POVPAN~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\red\JB07DC~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\drivers\gxvxcbqoewprrskltoijnbgkvdkmxfqvoyirw.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxckneswxrpnwmiecpjnrjlvmxtqjisqswo.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcowftowqbdqomqxfcxrxhkdkbxrmpxuhj.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcqxsduymawofjgewivaqrxmpcimnwhose.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcwwkteooqxrxumejpyavchosrtxnrirsn.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Martin\Local Settings\Temp\etilqs_SeDNqXsi7FLs1CnLIt6A
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Program Files\heels\ny\cd1\NY5009~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5809~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5C19~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYDC09~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD419~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD819~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\wk5extt3.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wk5extt3.default\Cache\_CACHE_001_
Status: Size mismatch (API: 1085233, Raw: 1084609)

Path: E:\NOVE\Sd8V55.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\VALENT~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\7929VH~1.AVI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf734a282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf734a474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf735bd00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735bfb8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spub.sys" at address 0xf746bca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spub.sys" at address 0xf746c032

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf735a3fa

#: 160 Function Name: NtQueryKey
Status: Hooked by "spub.sys" at address 0xf746c10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spub.sys" at address 0xf746bf8a

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf735c422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735b7d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7349f32

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86c841f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86cce1f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_CREATE]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_CLOSE]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_POWER]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: axlskjy1؅ఐ卆浩", IRP_MJ_PNP]
Process: System Address: 0x86c601f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8626a1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86ca11f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8626c1f8 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CREATE]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CLOSE]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_READ]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CLEANUP]
Process: System Address: 0x867a8500 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_PNP]
Process: System Address: 0x867a8500 Size: -

Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys


User (thread author)
Registered: 06.03.09, Last online: 31.03.14, Posts: 70, Topics: 17
Posted by the thread author: 24.05.2009 19:26

martinerik2 wrote:
Where am I supposed to delete the file C:\WINDOWS\Tasks\5B57C~1.JOB from? Because I can't find it in UPM...
Well, I can't find it in Windows using search either, so I don't know...


Experienced user
Registered: 22.03.07, Last online: 23.06.23, Posts: 2096, Topics: 15, Location: Bratislava V
Posted: 25.05.2009 13:20

Look in C:\WINDOWS\Tasks (in UPM: Other tools - Files - Browse, then Delete). The name will be longer. If you can't find it, never mind. Also delete C:\WINDOWS\TEMP\tempo-68906.tmp

If possible, restart into safe mode (F8 while booting)

In RootRepeal, on the listed tabs choose Scan, then right-click the listed files and Force Delete (if that doesn't work, Wipe File)

Drivers:
Name: gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys

Name: Start1Driver.SYS
Image Path: C:\WINDOWS\System32\Drivers\Start1Driver.SYS


Files:
C:\WINDOWS\system32\gxvxccounter
C:\WINDOWS\system32\gxvxckptepbvytaeyxjeojxuqmnrrseurkvuk.dll
C:\WINDOWS\system32\gxvxcpxrdltareqgooeukdairogqvegoxubqa.dll
C:\WINDOWS\system32\drivers\gxvxcbqoewprrskltoijnbgkvdkmxfqvoyirw.sys
C:\WINDOWS\system32\drivers\gxvxckneswxrpnwmiecpjnrjlvmxtqjisqswo.sys
C:\WINDOWS\system32\drivers\gxvxcowftowqbdqomqxfcxrxhkdkbxrmpxuhj.sys
C:\WINDOWS\system32\drivers\gxvxcqxsduymawofjgewivaqrxmpcimnwhose.sys
C:\WINDOWS\system32\drivers\gxvxcwwkteooqxrxumejpyavchosrtxnrirsn.sys

Restart and post a new log.

_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
User (thread author)
Registered: 06.03.09, Last online: 31.03.14, Posts: 70, Topics: 17
Posted by the thread author: 25.05.2009 15:32

Here is another log from RootRepeal... I don't know whether I managed to do everything... thanks in advance :D

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/25 15:26
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF34F9000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AB6000 Size: 8192 File Visible: No
Status: -

Name: PCI_PNP1248
Image Path: \Driver\PCI_PNP1248
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA21A000 Size: 45056 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spzw.sys
Image Path: spzw.sys
Address: 0xF744C000 Size: 1052672 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Program Files\heels\DA_BRI~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\DA_MAR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GINA&L~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\GL-FW3~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\KARINA~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\MGB_BR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\PLIB_N~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\total new\POVPAN~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\total new\POVPAN~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\red\JB07DC~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Martin\Local Settings\Temp\etilqs_aZUNjpRXNQ7R0UcQEPxn
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Program Files\heels\ny\cd1\NY5009~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5809~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd1\NY5C19~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYDC09~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD419~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\heels\ny\cd2\NYD819~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\Sd8V55.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\VALENT~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: E:\NOVE\7929VH~1.AVI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf734a282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf734a474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf735bd00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735bfb8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spzw.sys" at address 0xf746bca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spzw.sys" at address 0xf746c032

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf735a3fa

#: 160 Function Name: NtQueryKey
Status: Hooked by "spzw.sys" at address 0xf746c10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spzw.sys" at address 0xf746bf8a

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf735c422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735b7d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7349f32

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86c931f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86fd81f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86ce51f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86f691f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_CREATE]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_CLOSE]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_POWER]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: sys, IRP_MJ_PNP]
Process: System Address: 0x86c771f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86c9e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86cb81f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x868c2500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_CREATE]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_CLOSE]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_READ]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_CLEANUP]
Process: System Address: 0x86559500 Size: -

Object: Hidden Code [Driver: Cdfsȅఊ祓ₐ¦¦覸, IRP_MJ_PNP]
Process: System Address: 0x86559500 Size: -

Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys


Experienced user
Registered: 22.03.07, Last online: 23.06.23, Posts: 2096, Topics: 15, Location: Bratislava V
Posted: 25.05.2009 16:29

Repeat it once more in Services:
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys

Restart and post a log.
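The logs in this thread are triaged by eye: out of hundreds of lines the helper picks the Hidden Services entry, the driver names and the hooks. As an added example (not RootRepeal's own code nor anything from the forum), the script below parses that log layout and applies the same checks: a hidden service whose name differs from its image file, stealth-object drivers whose name is not a plain identifier (such as "Program F" and the two garbled names in the log above), and SSDT hooks grouped per hooking module; the severity labels and the check thresholds are my own assumption.

```python
"""Triage a RootRepeal log in the format pasted in this thread. Added example, not
RootRepeal's or the forum's own code; the severity labels are my own heuristic."""
import re
from collections import defaultdict

# Constructed excerpt in the layout of the logs above: one or two records per
# section, with names, paths and addresses copied from the posted log.
SAMPLE_LOG = r"""SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spzw.sys" at address 0xf746bca4

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -

Object: Hidden Code [Driver: Program F, IRP_MJ_CREATE]
Process: System Address: 0x867a8500 Size: -

Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
"""

# A section is a title line over a rule of dashes; records are separated by blank
# lines and one line may carry several "Key: value" pairs (e.g. Address/Size).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z/ ]*)\n-{5,}\n", re.M)
KEYS = ["Service Name", "Function Name", "File Visible", "Image Path", "Name",
        "Path", "Object", "Process", "Address", "Size", "Status", "#"]
_ALT = "|".join(re.escape(k) for k in KEYS)
PAIR_RE = re.compile(rf"(?P<k>{_ALT}): (?P<v>.*?)(?=\s+(?:{_ALT}): |\s*$)")
DRIVER_NAME_OK = re.compile(r"^[A-Za-z0-9_.-]+$")


def parse_record(lines):
    """One record's lines -> dict, splitting lines that hold several pairs."""
    rec = {}
    for line in lines:
        for m in PAIR_RE.finditer(line):
            rec[m.group("k")] = m.group("v")
    return rec


def parse_log(text):
    """Return {section title: [record dict, ...]} for every section in the log."""
    out = {}
    heads = list(SECTION_RE.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[h.end():end]
        out[h.group("name")] = [parse_record(b.splitlines())
                                for b in re.split(r"\n\s*\n", body) if b.strip()]
    return out


def triage(text):
    """Return (severity, message) tuples, most urgent first."""
    log, findings = parse_log(text), []
    # Hidden services first, as in the thread; a service name that does not match
    # its image file name (gxvxcserv.sys vs. gxvxcl...sys above) is doubly odd.
    for r in log.get("Hidden Services", []):
        svc, img = r.get("Service Name", "?"), r.get("Image Path", "")
        msg = f"hidden service {svc} backed by {img}"
        if img.rsplit("\\", 1)[-1].lower() != svc.lower():
            msg += " (service name differs from image file name)"
        findings.append(("high", msg))
    # "Hidden Code" entries cover many legitimate drivers in this log, so only a
    # driver name that is not a plain identifier is raised, once per driver.
    seen = set()
    for r in log.get("Stealth Objects", []):
        m = re.search(r"\[Driver: (.*?), IRP_MJ_", r.get("Object", ""))
        if m and m.group(1) not in seen:
            seen.add(m.group(1))
            if not DRIVER_NAME_OK.match(m.group(1)):
                findings.append(("medium", f"stealth object under oddly named driver {m.group(1)!r}"))
    # SSDT hooks grouped per hooking module, so each module is vetted once.
    hooks = defaultdict(list)
    for r in log.get("SSDT", []):
        m = re.search(r'Hooked by "([^"]+)"', r.get("Status", ""))
        if m:
            hooks[m.group(1)].append(r.get("Function Name", "?"))
    for module, funcs in sorted(hooks.items()):
        findings.append(("info", f"{module} hooks {len(funcs)} SSDT entries: {', '.join(funcs)}"))
    return findings
```

Run against the full log posted above, `triage` returns the gxvxcserv.sys service as the only high finding and leaves the PCTCore.sys and spzw.sys hooks as informational groups for the analyst to vet.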
User (thread author)
Registered: 06.03.09, Last online: 31.03.14, Posts: 70, Topics: 17
Posted by the thread author: 25.05.2009 16:31

How do you mean, in Services? Could you please describe it in more detail?


Experienced user
Registered: 22.03.07, Last online: 23.06.23, Posts: 2096, Topics: 15, Location: Bratislava V
Posted: 25.05.2009 18:39

Sorry, I put that imprecisely. The Hidden Services tab in RootRepeal. Same removal procedure. The entry:
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
User (thread author)
Registered: 06.03.09, Last online: 31.03.14, Posts: 70, Topics: 17
Posted by the thread author: 26.05.2009 11:08

br4n0 wrote:
Sorry, I put that imprecisely. The Hidden Services tab in RootRepeal. Same removal procedure. The entry:
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys

Please, is it still necessary to do this now that I can already run some programs against that crap? :)


Experienced user
Registered: 22.03.07, Last online: 23.06.23, Posts: 2096, Topics: 15, Location: Bratislava V
Posted: 27.05.2009 0:54

It would be good to finish it (you don't need to post a log any more). The "anti" tools probably won't help you.
User (thread author)
Registered: 06.03.09, Last online: 31.03.14, Posts: 70, Topics: 17
Posted by the thread author: 27.05.2009 10:16

Help! Please, I have a problem... I did what you told me last time, but it didn't work... When I chose Force Delete it threw "could not force-delete file Error code..." and when I chose Wipe File it said "Could not find file on disk!" THANKS :)


Offline

Skúsený užívateľ
Skúsený užívateľ
PROSIM POMOZTE S VIRUSOM !!!

Registrovaný: 22.03.07
Prihlásený: 23.06.23
Príspevky: 2096
Témy: 15
Bydlisko: Bratislava V
Príspevok NapísalOffline : 27.05.2009 11:33

Môžeš skúsiť GMER. Počkaj na skončenie úvodného skenu, potom klikni na záložku ">>>", klikni na Services, nájdi gxvxcserv.sys, pravý klik a Delete.
GMER možno hodí chybu, ale mal by to vymazať. V podstate to už aj tak nie je kritické, keďže malware bol odstránený.







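
The RootRepeal "Hidden Services" tab and GMER's Services view used in this thread both rely on cross-view detection: the list of services the Service Control Manager (SCM) reports through its API is compared against the raw keys stored under HKLM\SYSTEM\CurrentControlSet\Services, and an entry present in the registry but absent from the API answer is being hidden from the system. The script below is an added example, not code from this thread or from either tool; it runs the comparison on constructed sample data. Only the service name and image path of the flagged entry are taken from the log entry posted above; the remaining entries, the SCM listing and the start types are constructed, and the random-looking-name check is a heuristic of my own.

```python
"""Cross-view detection of hidden driver services (added example).

Two snapshots of the same information are compared:
  * REGISTRY_VIEW: what a raw walk of the Services key would return
  * SCM_VIEW:      what the SCM API (EnumServicesStatusEx) reported
A service that exists in the registry but is filtered out of the API
answer is hidden, which is the rootkit behaviour seen in the thread.
Both views are constructed sample data standing in for live enumeration.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
import re


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    image_path: str
    start_type: int  # 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled


# Constructed "raw registry" view. The last entry copies the service name and
# image path from the RootRepeal log in the thread; the others are benign
# Windows drivers with constructed start types.
REGISTRY_VIEW = [
    ServiceEntry("Beep", r"System32\drivers\beep.sys", 1),
    ServiceEntry("Disk", r"System32\drivers\disk.sys", 0),
    ServiceEntry("Tcpip", r"System32\drivers\tcpip.sys", 1),
    ServiceEntry(
        "gxvxcserv.sys",
        r"C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys",
        1,
    ),
]

# Constructed SCM view: the hidden service's hook removed its own entry.
SCM_VIEW = {"Beep", "Disk", "Tcpip"}


def find_hidden_services(registry_view, scm_view):
    """Return registry entries that the SCM view does not report (cross-view diff)."""
    return [entry for entry in registry_view if entry.name not in scm_view]


def driver_basename(image_path: str) -> str:
    """File name component of a Windows image path, lower-cased."""
    return PureWindowsPath(image_path).name.lower()


def looks_random(image_path: str, min_len: int = 20) -> bool:
    """Heuristic (assumption, not a rule): Microsoft driver file names are short,
    so a long stem made only of letters is worth a second look."""
    stem = driver_basename(image_path).rsplit(".", 1)[0]
    return len(stem) >= min_len and re.fullmatch(r"[a-z]+", stem) is not None


def triage(registry_view, scm_view):
    """Return (service_name, image_path, reasons) for every suspicious entry."""
    findings = []
    for entry in registry_view:
        reasons = []
        if entry.name not in scm_view:
            reasons.append("hidden from SCM (cross-view mismatch)")
        if looks_random(entry.image_path):
            reasons.append("random-looking driver file name")
        # Boot/system start only matters once something else is already wrong.
        if reasons and entry.start_type <= 1:
            reasons.append("loads at boot/system start")
        if reasons:
            findings.append((entry.name, entry.image_path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(REGISTRY_VIEW, SCM_VIEW):
        print(f"{name}\n  {path}")
        for reason in reasons:
            print(f"  - {reason}")
```

A mismatch between the two views can also come from a service being installed or removed between the two enumerations, so take the snapshots back to back and re-check before treating an entry as hidden; the name heuristic is only a tie-breaker and produces false positives on its own.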
Posted by topic author: User (Registered: 06.03.09, Last logged in: 31.03.14, Posts: 70, Topics: 17), 27.05.2009 13:51

Listen, is it necessary to do this with GMER in safe mode? Because it's been scanning for an hour now... :jaw:


Posted by: Experienced user (Registered: 22.03.07, Last logged in: 23.06.23, Posts: 2096, Topics: 15, Location: Bratislava V), 27.05.2009 13:53

No, safe mode is not needed.







Posted by topic author: User (Registered: 06.03.09, Last logged in: 31.03.14, Posts: 70, Topics: 17), 27.05.2009 15:49

Well, I've done it now... it displayed "warning ! gmer has found system modification caused by ROOTKIT activity". But after that it probably wasn't there anymore, I mean the virus... hopefully it's fine... Anyway, thanks a lot for advising me :)

