Neidentifikovatelný virus (?)

bledulka · Příspěvekod **bledulka** » 30 črc 2010 14:13

Uvidíme, co najde AVPtool.
Takže s eozve hned jak se dostaneš do svého učtu?
Zkus, jestli to dělá i v nouzovém režimu.

Reklama

La_miczka · Příspěvekod **La_miczka** » 30 črc 2010 18:17

AVPtool mi žádný *.txt log nenabídl, jediný výpis je přímo v softwaru:

(pozn: AVPtool chtěl být spuštěn v nouzovém režimu, tak jsme mu vyhověl. nevím, jestli to je problém).

-hlas se ozve někdy hned jak se dostanu do profilu, někdy až po chvíli
-v nouzovém režimu ho neslyším neb je z provozu vyřazeno zvukové zařízení

Příspěvekod **jaro3** » 30 črc 2010 19:50

Pozn. BitDefender Online Scan může být užíván pouze prostřednictvím Internet Exploreru.

Spusť BitDefender Online Scan

Klikni na I Agree.
Nainstaluj si prosím addony , pokud to bude vyžadováno.
Klikni na START Scan
Nech aktualizovat virovou databázi. Poté se spustí automaticky sken všech souborů a složek.
Je-li nalezena infekce , pokusí se program o její dezinfekci/smazání .
Po skenu klikni na More Detail >>
Jdi k Detected Problems tabulce a klikni na Click here to export the scan report.
Ulož si report jako .html na svojí plochu. Zkopíruj celý text a vlož do pozn. bloku ( notepadu). Ulož si výsledek do pozn. bloku a vlož sem celý jeho obsah.

La_miczka · Příspěvekod **La_miczka** » 30 črc 2010 23:28

log BitDefender Online Scanner

Scan report generated at: Fri, Jul 30, 2010 - 22:55:51

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics

Time
01:22:26
Files
319223
Folders
8520
Boot Sectors
0
Archives
2269
Packed Files
28761

Results
Identified Viruses
3
Infected Files
5
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
4

Engines Info

Virus Definitions
6195142
Engine build
AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 18 2010)
Scan plugins
18
Archive plugins
44
Unpack plugins
10
E-mail plugins
6
System plugins
4
Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-12-25-28.xpy=>(Embedded EXE g)
Detected with: Adware.Whenu.Whenusearch.F

C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-12-25-28.xpy=>(Embedded EXE g)
Disinfection failed

C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-12-25-28.xpy=>(Embedded EXE g)
Delete failed

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax.dll.vir
Detected with: Application.Generic.184421

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax.dll.vir
Deleted

C:\System Volume Information\_restore{5894495E-EBF0-411E-96B2-5C64AC5AEB89}\RP1220\A0257464.dll
Detected with: Application.Generic.184421

C:\System Volume Information\_restore{5894495E-EBF0-411E-96B2-5C64AC5AEB89}\RP1220\A0257464.dll
Disinfection failed

C:\System Volume Information\_restore{5894495E-EBF0-411E-96B2-5C64AC5AEB89}\RP1220\A0257464.dll
Deleted

C:\System Volume Information\_restore{5894495E-EBF0-411E-96B2-5C64AC5AEB89}\RP1223\A0258269.sys
Infected with: Rootkit.Bagle.K

C:\System Volume Information\_restore{5894495E-EBF0-411E-96B2-5C64AC5AEB89}\RP1223\A0258269.sys
Deleted

C:\WINDOWS\system32\drivers\uti4mty3.sys
Infected with: Rootkit.Bagle.K

C:\WINDOWS\system32\drivers\uti4mty3.sys
Deleted

EDIT: pořád mele...

Příspěvekod **jaro3** » 30 črc 2010 23:29

Já musím končit , možná pomůže bledulka , já až zítra...

bledulka · Příspěvekod **bledulka** » 31 črc 2010 00:02

Zajímavé

Stáhni http://rootrepeal.googlepages.com/RootRepeal.zip
-rozbal a spusť
- postupně udělej všechny záložky
-proběhne sken, po něm klikni na Save Report , tím se uloží log, který zkopíruješ sem

Příspěvekod **jaro3** » 31 črc 2010 09:15

Až uděláš rootrepeal , tak ještě tohle, nákazy pak smažeme v něm:

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

La_miczka · Příspěvekod **La_miczka** » 31 črc 2010 18:07

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/31 17:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000040
Image Path: \Driver\00000040
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: azemplr4.SYS
Image Path: C:\WINDOWS\System32\Drivers\azemplr4.SYS
Address: 0xF68A1000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2586000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BBD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF785F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 07-31-10 (17-53-02).txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\maik2\data aplikací\skype\etilqs_zcxsh4ecqb9x6kzvhxvf
Status: Allocation size mismatch (API: 65536, Raw: 32768)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a66b8

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b2552

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a6574

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b1a1a

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b1910

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b1f2a

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b3034

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27aed54

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a6a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a614c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf757d84c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf757dbec

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xb260ff64

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xb261024a

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b2906

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a664e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a608c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a60f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf757dcc4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a676e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a672e

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b20dc

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b2ce0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb25a68ae

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xb27b2bb2

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x873bd1d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_CREATE]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_CLOSE]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_POWER]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: azemplr4Ѕఎ敓摓耄H, IRP_MJ_PNP]
Process: System Address: 0x871341d8 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8715c980 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x873521d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8719b1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x873bf1d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x869001d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x869001d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869001d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869001d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x869001d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x869001d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x871b71d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8663c1d8 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_CREATE]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_CLOSE]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_READ]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_CLEANUP]
Process: System Address: 0x87027348 Size: 463

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭꟠쀆ࠁFileNa, IRP_MJ_PNP]
Process: System Address: 0x87027348 Size: 463

==EOF==

Příspěvekod **jaro3** » 31 črc 2010 21:46

Vymaž karanténu u XoftSpy\Quarantine

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.

**************************************************************************************************************************************

Udělej pak OTL , viz výše.

PinHole · Příspěvekod **PinHole** » 31 črc 2010 22:26

Jestli se muzu pripojit do tematu. Jiz jsem objevil mnoho programu, ktere misto signalu pouzivaji mluveni, abych pravdu rek, je mi to neprijemne a kdybych mel tvoje PC tak by asi jiz letelo z okna.
Zkus si projit programy ktere mas nainstalovane, treba tam mas nejaky podivny antivirak na ktery si postupem casu zapomel a on jede v pozadi. V logach co jsi sem dal se nevyznam, takze me omluvte jestli melu pitomosti, jinak, pokud se PC krom tohodle chova normalne tak to muze byt pouze zertovny program, podivej se do Startu na programy po spusteni, nebo zkus najit obnovitelny bod ktery by souhlasil s datem, kdy bylo vse v poradku.

Příspěvekod **Pic** » 31 črc 2010 22:59

Po přečtení celého topicu se též domnívám, že příčinou je instalovaný program a ne vir, či jiná "potvora".

Příspěvekod **jaro3** » 01 srp 2010 08:51

spusť HJT , klikni na Open the misc tools section-klikni pak na open uninstall manager.
, pak klikni na save list , ulož si ho do dokumentů a zkopíruj sem celý jeho obsah.
+
Udělej ten OTL.

Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Re: Neidentifikovatelný virus (?)

Kdo je online