Prosím o kontrolu, spomalený PC

[slejdo]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-10 22:22:23
Windows 5.1.2600 Service Pack 2
Running: gmaer.exe; Driver: C:\DOCUME~1\GTX\LOCALS~1\Temp\fxrdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

[vyosek]

Prave na odhaleni tech rootkitu pracujem
Jeste poprosim o druhy log z gmeru - ten hlavni...Ale log z mbr vypada dobre a pritom log z CF rika neco jineho...no ale pockam na druhy log z gmeru...

[vyosek]

Dle meho jste spatne spustil mbr.exe

Stahnete, ale nespoustejte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\plocha\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Je nutne dat pozor at do okenka zkopirujete cely text Pri minulem spusteni jste tam zapomel na to -t, takze prosim o dukladnost

[slejdo]

Píše mi, že tento odkaz sa nevzťahuje na umiestnenie.......

[vyosek]

Jaaj, pane je vlastne zo Slovenska, brat, ja zabudol

Tohle by melo fungovat

Kód: Vybrat vše

"%userprofile%\desktop\mbr" -t

[slejdo]

Jó, jo, já jsem ze Slovenska

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[vyosek]

Ok, jeste tedy logy z gmeru

[slejdo]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-12 15:55:58
Windows 5.1.2600 Service Pack 2
Running: j0mtl5of.exe; Driver: C:\DOCUME~1\GTX\LOCALS~1\Temp\fxrdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB64FA300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF8925300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB6485F00, 0x24000, 0x48000000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[vyosek]

Ok, jeste tedy druhy (hlavni) log z gmeru...pokud se gmer sekne, tak jej spustte v nouzovem rezimu

[slejdo]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-12 21:51:20
Windows 5.1.2600 Service Pack 2
Running: z.exe; Driver: C:\DOCUME~1\GTX\LOCALS~1\Temp\fxrdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB9812300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF8A6D300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB97C5F00, 0x24000, 0x48000000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[slejdo]

Dal som zaškrtnúť všetky možnosti napravo a vyhodilo mi len tento log...

[vyosek]

OK, logy jsou v poradku...ComboFix mel falesny poplach jelikoz tam byly emulatory virtualnich mechanik a ty to zkreslily...

Jsou s PC nejake problemy

[slejdo]

Zatiaľ musím 3x poklopať, nie.. Akurát som si všimol, že nemám na lište panel jazykov napriek tomu, že mám ho zaškrtnutý tak, že by tam mal byť...

[vyosek]

Zkuste tento navod http://www.pcpomocnik.cz/c/windows-tipy ... jazyku.htm

[slejdo]

Ďakujem vám veľmi pekne, všetko fachčí ako má, veľmi ste mi pomohli.. ďakujem