
Re: Please check

Posted: 15 Jun 2010 22:10
by vyosek
Isn't that log saved on the desktop either?

Re: Please check

Posted: 15 Jun 2010 22:12
by Albrecht
Only this:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Re: Please check

Posted: 15 Jun 2010 22:13
by vyosek
That's exactly it - the log named mbr.txt :D

Are you doing the second (main) GMER scan :???:

Re: Please check

Posted: 15 Jun 2010 22:16
by Albrecht
Yep, it's running, it'll be done in a moment :)

Re: Please check

Posted: 15 Jun 2010 22:17
by vyosek
Well, I wouldn't be so sure about "in a moment" - for some visitors it took up to 4 hours :D

Re: Please check

Posted: 15 Jun 2010 23:06
by Albrecht
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 00:06:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mama\LOCALS~1\Temp\kxrdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE25C6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE25C574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE25CA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE25C14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE25C64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE25C08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE25C0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE25C76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE25C72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE25C8AE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Mama\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3164] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3512] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Re: Please check

Posted: 15 Jun 2010 23:08
by vyosek
So rootkits are ruled out too... what takes long to load for you - the desktop?
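
A way to see at a glance why a log like the one above is judged clean, as an added example that is not part of the thread and not GMER's own code: a small Python parser for GMER output that groups SSDT hooks by the driver that owns them, lists user-mode patches, and separates out anything GMER could not attribute to a vendor or could not read. The sample log is a constructed subset of the log posted above; the extra unattributed SSDT line is hypothetical and exists only to exercise that code path.

```python
import re

# Constructed sample: a subset of the GMER log posted above (same line formats;
# the posted log has more SSDT and AttachedDevice entries).
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 00:06:12
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE25C6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE25C08C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Mama\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3164] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3512] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
"""

# Hypothetical SSDT line with no "(description/vendor)" annotation, constructed
# only to exercise the unattributed-hook path; it is not from the posted log.
CONSTRUCTED_UNKNOWN = r"SSDT \??\C:\example\unknown.sys ZwQueryDirectoryFile [0xDEADBEEF]"

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# SSDT hook: module path, optional "(description/vendor)", hooked Zw* function, handler address
SSDT_RE = re.compile(r"^SSDT (\S+)(?: \((.+?)/(.+?)\))? (Zw\w+) \[0x([0-9A-Fa-f]+)\]$")
DEVICE_RE = re.compile(r"^AttachedDevice (\S+) (\S+) (\S+) \((.+?)/(.+?)\)$")
# User-mode inline hook: process[pid], patched export, address, patch length, patch, patching module
USER_RE = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+!\S+) [0-9A-Fa-f]+ (\d+) Bytes (.*?) (\S:\\.+?) \((.+?)/(.+?)\)$")


def parse_gmer(text):
    """Split a GMER log into typed entries; lines of unknown shape are kept under 'other'."""
    report = {"ssdt": [], "devices": [], "user_hooks": [], "unresolved": [], "other": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or section == "EOF":
            continue  # banner lines before the first section, nothing after EOF
        if line.startswith("? "):
            # GMER prefixes with "?" a module it could not read; the rest is the OS error text
            report["unresolved"].append({"section": section, "path": line[2:].split(" ", 1)[0]})
            continue
        m = SSDT_RE.match(line)
        if m:
            path, desc, vendor, func, addr = m.groups()
            report["ssdt"].append({"module": path.rsplit("\\", 1)[-1], "path": path,
                                   "description": desc, "vendor": vendor,
                                   "function": func, "address": int(addr, 16)})
            continue
        m = DEVICE_RE.match(line)
        if m:
            driver, device, module, desc, vendor = m.groups()
            report["devices"].append({"driver": driver, "device": device, "module": module,
                                      "description": desc, "vendor": vendor})
            continue
        m = USER_RE.match(line)
        if m:
            proc, pid, target, nbytes, patch, patcher, desc, vendor = m.groups()
            report["user_hooks"].append({"process": proc, "pid": int(pid), "target": target,
                                         "bytes": int(nbytes), "patch": patch,
                                         "patching_module": patcher, "vendor": vendor})
            continue
        report["other"].append({"section": section, "line": line})
    return report


def hook_owners(report):
    """SSDT hooks per owning driver: how many syscalls each module hooks, and GMER's vendor for it."""
    owners = {}
    for h in report["ssdt"]:
        owner = owners.setdefault(h["module"], {"vendor": h["vendor"], "count": 0})
        owner["count"] += 1
    return owners


def unattributed_hooks(report):
    """Kernel hooks GMER printed without a (description/vendor): the ones to look at first."""
    return [h for h in report["ssdt"] if h["vendor"] is None]


def self_patches(report):
    """User-mode hooks where the patching module is the patched process itself
    (a program instrumenting its own loader, as Firefox does with LdrLoadDll here)."""
    return [h for h in report["user_hooks"] if h["patching_module"].lower() == h["process"].lower()]


if __name__ == "__main__":
    r = parse_gmer(SAMPLE_LOG)
    print("SSDT hook owners:", hook_owners(r))
    print("unattributed:", unattributed_hooks(r))
    print("unresolved:", r["unresolved"])
    print("self-patching processes:", [h["process"] for h in self_patches(r)])
```

On the posted log every SSDT hook belongs to aswSP.SYS, which GMER attributes to ALWIL Software (avast!), the attached devices are the avast! filters and the Synaptics touchpad driver, and the single "?" entry is mbr.sys, the temporary driver left behind by the mbr.exe scan run a few minutes earlier. A hook owned by a driver GMER cannot attribute, or a user-mode patch installed by a module unrelated to the process, is what would call for a closer look.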

Re: Please check

Posted: 15 Jun 2010 23:11
by Albrecht
It seems to me it has sped up quite a bit since using Defogger etc...

Re: Please check

Posted: 15 Jun 2010 23:12
by vyosek
The PC being faster is what you wrote after we cleaned it up, but you say logging in takes long (about 5 min) - is that the time until the desktop loads :???:

Re: Please check

Posted: 15 Jun 2010 23:14
by Albrecht
Yep, I select the account and the desktop takes long to load, but as I say, desktop loading has sped up by 75% too :)

Re: Please check

Posted: 15 Jun 2010 23:18
by vyosek
Don't you have too many folders and things on the desktop - I don't mean shortcuts - that can also slow loading down drastically

:arrow: Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into the window
  • Code:

    :dir
    %userprofile%\Plocha /sub
  • Click Look
  • The Look button changes to Scanning and greys out
  • Wait until the Scanning button changes back to Look - that's how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved to the desktop); paste its contents here
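
The listing this SystemLook script produces has a fixed line format, so it can be post-processed instead of read by eye. As an added example that is not part of the thread and not SystemLook's own code, here is a Python parser for `:dir` output that counts items per folder (the crowded-desktop question raised above), lists executables created on or after a given date, and shows the largest items. The sample is a constructed subset of the log Albrecht posts later in the thread; the set of executable extensions is this example's own choice.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a subset of the SystemLook output posted later in the
# thread (same line formats; the real log lists more desktop items).
SAMPLE_SYSTEMLOOK = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:37 on 16/06/2010 by Mama (Administrator - Elevation successful)

========== dir ==========

C:\Documents and Settings\Mama\Plocha - Parameters: "/sub"

---Files---
CCleaner.lnk --a--- 1548 bytes [19:52 13/04/2009] [21:08 11/06/2010]
Defogger.exe --a--- 50477 bytes [20:46 15/06/2010] [20:46 15/06/2010]
FixDownadup.exe --a--- 2269056 bytes [20:09 13/04/2009] [20:09 13/04/2009]
gmer.exe --a--- 293376 bytes [20:57 15/06/2010] [09:24 15/12/2009]
Spybot - Search & Destroy.lnk --a--- 933 bytes [09:14 19/07/2009] [09:14 19/07/2009]
winsockxpfix.exe --a--- 1445888 bytes [20:08 13/04/2009] [20:08 13/04/2009]

C:\Documents and Settings\Mama\Plocha\Hry d----- [12:19 05/06/2010]
World of Warcraft.lnk --a--- 581 bytes [14:38 31/01/2010] [15:03 31/01/2010]

-=End Of File=-
"""

# The folder being listed: either the top-level ":dir" target or a subfolder reached via /sub
DIR_HEADER_RE = re.compile(r'^([A-Za-z]:\\.+?) - Parameters: "(.*)"$')
SUBDIR_RE = re.compile(r"^([A-Za-z]:\\.+?) d[-a-z]{5} \[([^\]]+)\]$")
# One file: name, 6-character attribute flags, size, [created] [modified]
FILE_RE = re.compile(r"^(.+?) ([-a-z]{6}) (\d+) bytes \[([^\]]+)\] \[([^\]]+)\]$")
TS_FORMAT = "%H:%M %d/%m/%Y"  # SystemLook prints timestamps as [HH:MM dd/mm/yyyy]
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}  # example's own choice


def parse_systemlook_dir(text):
    """Return one dict per file in a SystemLook ':dir' listing, tagged with its folder."""
    entries, folder = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m and folder is not None:
            name, attrs, size, created, modified = m.groups()
            ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
            entries.append({"folder": folder, "name": name, "ext": ext, "attrs": attrs,
                            "size": int(size),
                            "created": datetime.strptime(created, TS_FORMAT),
                            "modified": datetime.strptime(modified, TS_FORMAT)})
            continue
        m = DIR_HEADER_RE.match(line) or SUBDIR_RE.match(line)
        if m:
            folder = m.group(1)  # following file lines belong to this folder
    return entries


def folder_item_counts(entries):
    """Items per folder: a crowded desktop is one of the slow-logon causes asked about above."""
    return dict(Counter(e["folder"] for e in entries))


def executables_created_since(entries, since_iso):
    """Names of executable files whose creation time is on or after an ISO date (YYYY-MM-DD)."""
    since = datetime.fromisoformat(since_iso)
    return [e["name"] for e in entries
            if e["ext"] in EXECUTABLE_EXTS and e["created"] >= since]


def largest(entries, n=3):
    """The n largest items, useful for spotting installers or tools left behind on the desktop."""
    ranked = sorted(entries, key=lambda e: e["size"], reverse=True)
    return [(e["name"], e["size"]) for e in ranked[:n]]


if __name__ == "__main__":
    items = parse_systemlook_dir(SAMPLE_SYSTEMLOOK)
    print("items per folder:", folder_item_counts(items))
    print("executables created since 2010-06-15:", executables_created_since(items, "2010-06-15"))
    print("largest:", largest(items))
```

The creation timestamp is the useful one for this kind of triage: on the sample only Defogger.exe and gmer.exe were created on the day of the cleanup, while FixDownadup.exe and winsockxpfix.exe date from April 2009, which is exactly the "where did these come from" question asked further down in the thread.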

Re: Please check

Posted: 16 Jun 2010 08:38
by Albrecht
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:37 on 16/06/2010 by Mama (Administrator - Elevation successful)

========== dir ==========

C:\Documents and Settings\Mama\Plocha - Parameters: "/sub"

---Files---
BSplayer.lnk --a--- 775 bytes [22:57 07/05/2010] [22:57 07/05/2010]
CCleaner.lnk --a--- 1548 bytes [19:52 13/04/2009] [21:08 11/06/2010]
Cute.bin --a--- 659 bytes [07:40 10/11/2000] [07:13 22/12/2000]
Defogger.exe --a--- 50477 bytes [20:46 15/06/2010] [20:46 15/06/2010]
defogger_disable.log --a--- 444 bytes [20:46 15/06/2010] [20:46 15/06/2010]
EVEREST Ultimate Edition.lnk --a--- 787 bytes [19:43 29/01/2010] [19:43 29/01/2010]
FixDownadup.exe --a--- 2269056 bytes [20:09 13/04/2009] [20:09 13/04/2009]
Format Factory.lnk --a--- 851 bytes [14:13 14/12/2009] [14:13 14/12/2009]
full.pls --a--- 867 bytes [10:00 16/08/2009] [10:00 16/08/2009]
gmer.exe --a--- 293376 bytes [20:57 15/06/2010] [09:24 15/12/2009]
IrfanView.lnk --a--- 685 bytes [11:09 07/09/2009] [11:09 07/09/2009]
Kalkulačka (2).lnk --a--- 1498 bytes [08:32 19/04/2009] [08:32 19/04/2009]
mbam-log-2010-06-15 (21-34-12).txt --a--- 1310 bytes [19:34 15/06/2010] [19:34 15/06/2010]
mbr.exe --a--- 77312 bytes [20:53 15/06/2010] [20:53 15/06/2010]
mbr.log --a--- 298 bytes [20:54 15/06/2010] [21:03 15/06/2010]
Microsoft Office Word 2003.lnk --a--- 2561 bytes [11:55 26/04/2009] [08:10 05/11/2009]
Mp3 Editor for Free.lnk --a--- 725 bytes [14:01 14/12/2009] [14:01 14/12/2009]
Ovládací panely.lnk --a--- 124 bytes [19:24 13/04/2009] [19:24 13/04/2009]
QIP Infium.lnk --a--- 676 bytes [10:32 13/10/2009] [10:32 13/10/2009]
SpeedFan.lnk --a--- 682 bytes [21:53 24/07/2009] [21:53 24/07/2009]
Spybot - Search & Destroy.lnk --a--- 933 bytes [09:14 19/07/2009] [09:14 19/07/2009]
SystemLook.exe --a--- 100908 bytes [07:11 16/06/2010] [07:11 16/06/2010]
SystemLook.txt --a--- 0 bytes [07:36 16/06/2010] [07:37 16/06/2010]
TFC.exe --a--- 444416 bytes [18:26 15/06/2010] [18:26 15/06/2010]
Total Commander.lnk --a--- 548 bytes [20:38 13/04/2009] [20:38 13/04/2009]
VNC Viewer 4.lnk --a--- 695 bytes [11:31 16/08/2009] [11:31 16/08/2009]
winsockxpfix.exe --a--- 1445888 bytes [20:08 13/04/2009] [20:08 13/04/2009]
Zástupce - E-mail.lnk --a--- 104 bytes [17:36 01/05/2009] [17:36 01/05/2009]
Zástupce - StrongDC.lnk --a--- 610 bytes [10:11 26/04/2009] [10:11 26/04/2009]

C:\Documents and Settings\Mama\Plocha\Hry d----- [12:19 05/06/2010]
ParadisePoker.lnk --a--- 544 bytes [20:13 30/06/2009] [20:13 30/06/2009]
Play Project IGI.lnk --a--- 659 bytes [12:36 16/11/2009] [12:36 16/11/2009]
WD_II.exe.lnk --a--- 512 bytes [17:54 24/05/2010] [17:54 24/05/2010]
World of Warcraft.lnk --a--- 581 bytes [14:38 31/01/2010] [15:03 31/01/2010]
Zuma Deluxe.lnk --a--- 525 bytes [08:42 12/10/2009] [08:42 12/10/2009]

-=End Of File=-

Re: Please check

Posted: 16 Jun 2010 08:55
by vyosek
The desktop looks clean too, just minor things

:arrow: I recommend uninstalling Spybot - Search & Destroy - its best years are behind it
:arrow: What did you do with winsockxpfix.exe :???: and what did you use FixDownadup.exe for :???:
:arrow: You can delete gmer, mbr and systemlook and the logs that go with them

Re: Please check

Posted: 16 Jun 2010 10:27
by Albrecht
- so what instead of Spybot?
- the programs you mentioned are from an earlier cleanup by your colleague, I haven't deleted them yet, but I don't use them myself

Re: Please check

Posted: 16 Jun 2010 10:36
by vyosek
:arrow: So delete them as well :)
:arrow: Replacement for Spybot :arrow: Otherwise the PC is clean as far as I'm concerned, I have no idea what could be slowing down the login