Panel pre stiahnutie suboru V IE8

[7654321]

tu je 1. log a 2. uz dnes asi nestihnem, lebo ked som ho robil minule, trval asi 3 hodiny, takze racej zajtra. zatial pekne dakujem za pomoc a trpezlivost

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-20 22:50:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT spyb.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spyb.sys ZwEnumerateValueKey [0xF74FD132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AD4D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

[7654321]

snazil som sa spravit aj ten druhy log, ale vzdy sa mi po case ukaze: vyskytol sa problem s aplikaciou GMER.exe a je nutne ju ukoncit .....

[riffman]

zkuste to v nouzovem rezimu

[7654321]

po asi 6 hodin dlhom skenovani vam tu davam log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 15:22:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\ps7anrjb.sys unknown last section [0xF7876000, 0x9F4, 0x40000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6D 0x07 0x0A 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0xED 0x55 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0x12 0xC9 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0x6A 0xFC 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0xED 0x55 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0xB0 0x7F 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7C 0xC8 0xAA 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0xED 0x55 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0x50 0x77 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x2F 0x79 0x4E 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5D 0x05 0x17 0x49 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x98 0xC0 0xBF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0xED 0x55 0x94 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0x12 0xC9 0x86 ...

---- EOF - GMER 1.0.15 ----

[riffman]

C:\WINDOWS\system32\drivers\ps7anrjb.sys otestujte na VIRUSTOTALu

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet, najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor, ignorujte pripadne hlasky, ze soubor byl jiz testovan a provedte sken znova; dejte skenerum nejakych deset minut; vysledek sem vlozte at uz zkopirovanim textu, nebo pripadne vlozenim odkazu po ukonceni skenu)

[7654321]

a-squared 5.0.0.30 2010.06.21 -
AhnLab-V3 2010.06.21.02 2010.06.21 -
AntiVir 8.2.2.6 2010.06.21 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.21 -
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
AVG 9.0.0.787 2010.06.21 -
BitDefender 7.2 2010.06.21 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.21 -
Comodo 5175 2010.06.21 -
DrWeb 5.0.2.03300 2010.06.21 -
eSafe 7.0.17.0 2010.06.20 -
eTrust-Vet 36.1.7654 2010.06.21 -
F-Prot 4.6.1.107 2010.06.20 -
F-Secure 9.0.15370.0 2010.06.21 -
Fortinet 4.1.133.0 2010.06.21 -
GData 21 2010.06.21 -
Ikarus T3.1.1.84.0 2010.06.21 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.21 -
McAfee 5.400.0.1158 2010.06.21 -
McAfee-GW-Edition 2010.1 2010.06.21 -
Microsoft 1.5902 2010.06.21 -
NOD32 5215 2010.06.21 -
Norman 6.05.06 2010.06.21 -
nProtect 2010-06-21.01 2010.06.21 -
Panda 10.0.2.7 2010.06.20 -
PCTools 7.0.3.5 2010.06.21 -
Prevx 3.0 2010.06.21 -
Rising 22.53.00.04 2010.06.21 -
Sophos 4.54.0 2010.06.21 -
Sunbelt 6483 2010.06.21 -
Symantec 20101.1.0.89 2010.06.21 -
TheHacker 6.5.2.0.302 2010.06.20 -
TrendMicro 9.120.0.1004 2010.06.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.21 -
VBA32 3.12.12.5 2010.06.21 -
ViRobot 2010.6.21.3896 2010.06.21 -
VirusBuster 5.0.27.0 2010.06.21 -
Rozšiřující informace
File size: 68224 bytes
MD5...: f539bbe87f60e9b6b8a6d061ec47d159
SHA1..: 390fed4e82094114d7e720c30bbc51359b3bed79
SHA256: c7c16f9535c23b67aaea452018631d8dd7a777343473ed652596f5229ae163d9
ssdeep: 1536:6B80qmvZ3IdGYRlIQLoqna6y4IZlxLLj7f953ZRO5LBE:6B80qmvZ3IdGYR
vlfEF/f953ZROk

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x91c0
timedatestamp.....: 0x4725d1cf (Mon Oct 29 12:27:59 2007)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1154 0x1200 6.18 d3a83ae3f554ccf1b8e364ceb643d548
.rdata 0x3000 0x160d 0x1800 4.79 76f63ccf2c0e26429c1bbf1da745744b
.data 0x5000 0x3cc 0x200 0.63 d2e116575be99730bd600741d4970811
.lisign2 0x6000 0x108 0x200 4.57 db96b18ba18b2cac7e700b09a00255dc
PAGEI 0x7000 0x2202 0x2400 5.34 8e222a3cc7ecb44576b238f294c1363f
PAGE 0xa000 0x872c 0x8800 6.49 be4341ab173bb442363827b2e6f60b8b
.xinit 0x13000 0x12a 0x200 3.37 1fa2be0cc54f8ee2290337d7bd3782a2
.rsrc 0x14000 0x5d8 0x600 3.41 7a278560e24b5d5667c4b92b0e475eb7
.xreloc 0x15000 0x9f4 0xa00 6.14 855c35bbc4a23bda21fe88106b1c8be3

( 1 imports )
> ntoskrnl.exe: MmSystemRangeStart, ZwQuerySystemInformation, ExFreePoolWithTag, ExAllocatePoolWithTag, MmGetSystemRoutineAddress, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, PsGetVersion, KeBugCheckEx

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: 1C
copyright....: (c) 1C
product......: HUMMER 4x4
description..: HUMMER 4x4 Synchronization Driver
original name: ps7anrjb.sys
internal name: ps7anrjb.sys
file version.: 7.06
comments.....: n/a
signers......: Protection Technology, Ltd.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:25 PM 10/29/2007
verified.....: -

[riffman]

ja tam nikde nic nevidim... zkousel jste IE preinstalovat?

[7654321]

zda sa mi ze sa to uz nestava, a ak ano tak velmi zriedkavo. ak by sa to este vyskytlo, napisem sem do temy. este raz dakujem za pomoc

[riffman]

no nemate zac