Kontrola HJT - problém s připojením na net Vyřešeno

[folty07]

Ahoj,
prosím o kontrolu logu z HJT níže. Mám problém s připojením k netu, pomalé načítání str. a stahování souborů(připojení bych měl mít kolem 4Mb/s), kdy na speed testu mám download pouhých 0,38 Mb/s, ale upload 4,7 Mb/s. Mám obavy z nějaké narušitele.
Děkuji za pomoc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:09, on 13.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\windows\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: - - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adisepo.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c98a03c5fc91ee) (gupdate1c98a03c5fc91ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 10566 bytes

[Reklama]

[pitimir]

Ahoj.

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

[folty07]

Ahoj,

tady to je



ComboFix 09-11-14.03 - Michal 14.11.2009 14:42.3.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2533 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michal\Dokumenty\cc_20080314_2114.reg
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-14 do 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-10 21:11 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-10 21:11 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-10 21:11 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-28 09:26 . 2009-10-28 09:26 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 13:06 . 2007-11-12 20:02 708526 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-11-11 22:52 . 2008-03-14 19:34 -------- d-----w- c:\program files\CCleaner
2009-11-10 20:58 . 2007-05-26 12:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 09:26 . 2007-07-26 18:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 16:47 . 2001-10-25 13:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 16:47 . 2001-10-25 13:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-09-27 17:34 . 2007-07-26 18:46 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-04 16:44 . 2009-05-31 12:20 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-30 19:15 . 2007-09-11 20:35 139072 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-30 19:15 . 2007-09-11 20:35 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-17 01:04 . 2009-08-17 01:04 2505248 ----a-w- c:\windows\system32\nvcpluir.dll
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:03 . 2009-08-17 01:03 4616192 ----a-w- c:\windows\system32\nvvitvsr.dll
2009-08-17 01:03 . 2009-08-17 01:03 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-08-17 01:03 . 2009-08-17 01:03 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-08-17 01:03 . 2009-08-17 01:03 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-08-17 01:03 . 2009-08-17 01:03 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-08-16 22:57 . 2007-05-26 12:20 485920 ----a-w- c:\windows\system32\nvudisp.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-13 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 630915]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Hry\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Hry\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"e:\\Hry\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.11.2007 22:47 15424]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [26.5.2007 11:25 1310720]
S2 gupdate1c98a03c5fc91ee;Google Update Service (gupdate1c98a03c5fc91ee);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 16:41 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [9.3.2008 23:04 65536]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [18.12.2007 20:33 16512]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Obsah adresáře 'Naplánované úlohy'

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 15:41]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 15:41]

2009-10-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\kidq8r39.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-C6501Sound - c6501.cpl
AddRemove-Ultimate Terrain X - Europe - d:\hry\Microsoft Games\Microsoft Flight Simulator X\UnInstUtEur.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 14:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8AC401F8]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-963894560-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,00,33,56,37,6b,ed,75,40,3a,1e,95,0a,a1,ee,1f,f3,c8,c6,53,c5,ba,1e,
bc,4b,76,a0,0a,39,04,36,33,49,02,86,b8,6d,3d,dd,10,34,d6,6d,4a,66,0a,0e,51,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

[HKEY_USERS\S-1-5-21-73586283-963894560-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c3,b0,8c,fd,1c,21,53,c9,2e,ae,24,9e,ef,af,3f,45,d3,02,72,18,92,
29,ca,1f,03,20,7b,87,29,b3,cd,e7,ce,56,63,d9,eb,a4,4a,e6,dc,63,ee,19,d0,69,\
"rkeysecu"=hex:a4,ba,3b,5f,28,9b,8d,cb,03,f1,13,d9,34,8f,e8,8f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-11-14 14:54
ComboFix-quarantined-files.txt 2009-11-14 13:54

Před spuštěním: Volných bajtů: 17 292 738 560
Po spuštění: Volných bajtů: 17 331 429 376

- - End Of File - - C4A3DE24345A65E1C178D80A9E0EE233

[pitimir]

1) Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.


2) Stiahni RootRepeal. Spustis program, kliknes na "Report" -> "Scan" a zafajknes vsetky polozky. Stlac "OK" a spusti sa scan. Po jeho dokonceni klik na "Save Report" a vzniknuty log skopiruj sem.

[folty07]

Ahoj,

tak log z Mbam

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 5.1.2600 Service Pack 3

14.11.2009 17:18:33
mbam-log-2009-11-14 (17-18-33).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 277042
Uplynulý čas: 57 minute(s), 10 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{835343A4-FC29-4D79-8D35-CAAC9C663BED}\RP70\A0032541.EXE (Trojan.Hacktool) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{835343A4-FC29-4D79-8D35-CAAC9C663BED}\RP70\A0032580.exe (Trojan.Agent) -> Quarantined and deleted successfully.


za chvilku přidám log rootu

[folty07]

a log z root repeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 17:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0x00000000 Size: -2141828160 File Visible: - Signed: -
Status: -

Name: 000.fcl
Image Path: C:\Program Files\CyberLink\PowerDVD\000.fcl
Address: 0xB85FE000 Size: 6656 File Visible: - Signed: -
Status: -

Name: 1394BUS.SYS
Image Path: C:\windows\System32\DRIVERS\1394BUS.SYS
Address: 0xB80B8000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB7E60000 Size: 188288 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\windows\System32\drivers\afd.sys
Address: 0xADD90000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AmdK8.sys
Image Path: C:\windows\system32\DRIVERS\AmdK8.sys
Address: 0xB8218000 Size: 65536 File Visible: - Signed: -
Status: -

Name: amon.sys
Image Path: C:\windows\system32\drivers\amon.sys
Address: 0xA24AE000 Size: 501952 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\windows\System32\DRIVERS\arp1394.sys
Address: 0xAF896000 Size: 60800 File Visible: - Signed: -
Status: -

Name: ASACPI.sys
Image Path: C:\windows\System32\DRIVERS\ASACPI.sys
Address: 0xB85EC000 Size: 5152 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7DF2000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atksgt.sys
Image Path: C:\windows\system32\DRIVERS\atksgt.sys
Address: 0xA2443000 Size: 272384 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\windows\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\windows\System32\DRIVERS\audstub.sys
Address: 0xB87C1000 Size: 3072 File Visible: - Signed: -
Status: -

Name: awootfs9.SYS
Image Path: C:\windows\System32\Drivers\awootfs9.SYS
Address: 0xB5F6C000 Size: 229376 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\windows\System32\Drivers\Beep.SYS
Address: 0xB85D6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\windows\system32\BOOTVID.dll
Address: 0xB84B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: c6501.sys
Image Path: C:\windows\system32\drivers\c6501.sys
Address: 0xA993C000 Size: 1617920 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\windows\System32\Drivers\Cdfs.SYS
Address: 0xA3120000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\windows\System32\DRIVERS\cdrom.sys
Address: 0xB82A8000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\windows\System32\DRIVERS\CLASSPNP.SYS
Address: 0xB8118000 Size: 53248 File Visible: - Signed: -
Status: -

Name: DcCam.sys
Image Path: C:\windows\system32\DRIVERS\DcCam.sys
Address: 0xB417D000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dcfs2k.sys
Image Path: C:\windows\system32\drivers\dcfs2k.sys
Address: 0xB81A8000 Size: 38688 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xB8108000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB7E0A000 Size: 153856 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xB85AC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\windows\system32\drivers\drmk.sys
Address: 0xAAA5D000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_nvata.sys
Image Path: C:\windows\System32\Drivers\dump_nvata.sys
Address: 0xA277E000 Size: 94208 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85DE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\windows\System32\drivers\Dxapi.sys
Address: 0xA339D000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\windows\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\windows\System32\drivers\dxgthk.sys
Address: 0xB86EA000 Size: 4096 File Visible: - Signed: -
Status: -

Name: EXPORTIT.SYS
Image Path: C:\windows\system32\DRIVERS\EXPORTIT.SYS
Address: 0xADED5000 Size: 151552 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\windows\System32\Drivers\Fips.SYS
Address: 0xAF876000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB7DBB000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\windows\System32\Drivers\Fs_Rec.SYS
Address: 0xB85D4000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB7E30000 Size: 125184 File Visible: - Signed: -
Status: -

Name: fwdrv.sys
Image Path: C:\windows\system32\drivers\fwdrv.sys
Address: 0xADE6C000 Size: 296320 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\windows\System32\Drivers\GEARAspiWDM.sys
Address: 0xB8478000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\windows\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\windows\System32\DRIVERS\HIDCLASS.SYS
Address: 0xAAA6D000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB4781000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\windows\System32\DRIVERS\hidusb.sys
Address: 0xAC24B000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\windows\System32\Drivers\HTTP.sys
Address: 0xA1D5B000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\windows\System32\DRIVERS\i8042prt.sys
Address: 0xB82D8000 Size: 52096 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\windows\System32\DRIVERS\imapi.sys
Address: 0xB8298000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\windows\System32\DRIVERS\ipnat.sys
Address: 0xADDB2000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\windows\System32\DRIVERS\ipsec.sys
Address: 0xADE59000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xB80C8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\windows\System32\DRIVERS\kbdclass.sys
Address: 0xB8390000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\windows\system32\DRIVERS\kbdhid.sys
Address: 0xAC243000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\windows\system32\KDCOM.DLL
Address: 0xB85A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: khips.sys
Image Path: C:\windows\system32\drivers\khips.sys
Address: 0xADCA8000 Size: 66944 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\windows\System32\DRIVERS\ks.sys
Address: 0xB67E8000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB7D92000 Size: 92288 File Visible: - Signed: -
Status: -

Name: lirsgt.sys
Image Path: C:\windows\system32\DRIVERS\lirsgt.sys
Address: 0xAA5F3000 Size: 18560 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\windows\System32\Drivers\mnmdd.SYS
Address: 0xB85D8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\windows\System32\DRIVERS\mouclass.sys
Address: 0xB83B0000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\windows\System32\DRIVERS\mouhid.sys
Address: 0xAC23F000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xB80D8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\windows\System32\DRIVERS\mrxdav.sys
Address: 0xA2529000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\windows\System32\DRIVERS\mrxsmb.sys
Address: 0xADCB9000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\windows\System32\Drivers\Msfs.SYS
Address: 0xB4771000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\windows\System32\DRIVERS\msgpc.sys
Address: 0xB8318000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\windows\System32\DRIVERS\mssmbios.sys
Address: 0xB8588000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB7C71000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB7CC5000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\windows\System32\DRIVERS\ndistapi.sys
Address: 0xB856C000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\windows\System32\DRIVERS\ndisuio.sys
Address: 0xACDC4000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\windows\System32\DRIVERS\ndiswan.sys
Address: 0xB5F41000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\windows\System32\Drivers\NDProxy.SYS
Address: 0xB5A75000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\windows\System32\DRIVERS\netbios.sys
Address: 0xAF8B6000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\windows\System32\DRIVERS\netbt.sys
Address: 0xADDD8000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\windows\System32\DRIVERS\nic1394.sys
Address: 0xB8168000 Size: 61824 File Visible: - Signed: -
Status: -

Name: nod32drv.sys
Image Path: C:\windows\system32\drivers\nod32drv.sys
Address: 0xB85DC000 Size: 7648 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\windows\System32\Drivers\Npfs.SYS
Address: 0xB0666000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7CF2000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\windows\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\windows\System32\Drivers\Null.SYS
Address: 0xB8713000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\windows\System32\nv4_disp.dll
Address: 0xBD012000 Size: 5898240 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\windows\system32\DRIVERS\nv4_mini.sys
Address: 0xB5FB8000 Size: 8055584 File Visible: - Signed: -
Status: -

Name: nvata.sys
Image Path: nvata.sys
Address: 0xB7DDB000 Size: 93568 File Visible: - Signed: -
Status: -

Name: NVENETFD.sys
Image Path: C:\windows\System32\DRIVERS\NVENETFD.sys
Address: 0xB5A55000 Size: 34048 File Visible: - Signed: -
Status: -

Name: nvnetbus.sys
Image Path: C:\windows\System32\DRIVERS\nvnetbus.sys
Address: 0xB8558000 Size: 13056 File Visible: - Signed: -
Status: -

Name: NVNRM.SYS
Image Path: C:\windows\System32\DRIVERS\NVNRM.SYS
Address: 0xB679E000 Size: 303104 File Visible: - Signed: -
Status: -

Name: nvoclock.sys
Image Path: C:\WINDOWS\nvoclock.sys
Address: 0xB8616000 Size: 6912 File Visible: - Signed: -
Status: -

Name: NVSNPU.SYS
Image Path: C:\windows\System32\DRIVERS\NVSNPU.SYS
Address: 0xB6767000 Size: 225280 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xB80A8000 Size: 61696 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\windows\System32\DRIVERS\parport.sys
Address: 0xB5F58000 Size: 80000 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xB8330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\windows\System32\Drivers\ParVdm.SYS
Address: 0xAB175000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB7E4F000 Size: 68736 File Visible: - Signed: -
Status: -

Name: PCI_PNP7410
Image Path: \Driver\PCI_PNP7410
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xB8670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\windows\System32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\windows\system32\drivers\portcls.sys
Address: 0xA9918000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\windows\System32\DRIVERS\psched.sys
Address: 0xB5F30000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\windows\System32\DRIVERS\ptilink.sys
Address: 0xB83A0000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xB8128000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\windows\System32\DRIVERS\rasacd.sys
Address: 0xB4278000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\windows\System32\DRIVERS\rasl2tp.sys
Address: 0xB82E8000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\windows\System32\DRIVERS\raspppoe.sys
Address: 0xB82F8000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\windows\System32\DRIVERS\raspptp.sys
Address: 0xB8308000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\windows\System32\DRIVERS\raspti.sys
Address: 0xB83A8000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\windows\System32\DRIVERS\rdbss.sys
Address: 0xADD65000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\windows\System32\DRIVERS\RDPCDD.sys
Address: 0xB85DA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\windows\System32\DRIVERS\rdpdr.sys
Address: 0xB5F00000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\windows\System32\DRIVERS\redbook.sys
Address: 0xB82B8000 Size: 58496 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0x9FED7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\windows\System32\Drivers\SCSIPORT.SYS
Address: 0xB7E8E000 Size: 98304 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\windows\System32\DRIVERS\secdrv.sys
Address: 0xB48B6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\windows\System32\DRIVERS\serenum.sys
Address: 0xB8568000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\windows\System32\DRIVERS\serial.sys
Address: 0xB82C8000 Size: 64256 File Visible: - Signed: -
Status: -

Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xB7C8B000 Size: 73728 File Visible: - Signed: -
Status: -

Name: sfdrv01a.sys
Image Path: sfdrv01a.sys
Address: 0xB7C9D000 Size: 81920 File Visible: - Signed: -
Status: -

Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xB8338000 Size: 32768 File Visible: - Signed: -
Status: -

Name: sfsync02.sys
Image Path: sfsync02.sys
Address: 0xB80E8000 Size: 36864 File Visible: - Signed: -
Status: -

Name: sfvfs02.sys
Image Path: sfvfs02.sys
Address: 0xB7CB1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spof.sys
Image Path: spof.sys
Address: 0xB7EA6000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB7DA9000 Size: 73344 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\windows\System32\DRIVERS\srv.sys
Address: 0xA23A1000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\windows\System32\DRIVERS\swenum.sys
Address: 0xB85EE000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\windows\system32\drivers\sysaudio.sys
Address: 0xA2139000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\windows\System32\DRIVERS\tcpip.sys
Address: 0xADE00000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\windows\System32\DRIVERS\TDI.SYS
Address: 0xB8398000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\windows\System32\DRIVERS\termdd.sys
Address: 0xB8228000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\windows\System32\DRIVERS\update.sys
Address: 0xB5EA2000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\windows\System32\DRIVERS\usbccgp.sys
Address: 0xAAC30000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\windows\System32\DRIVERS\USBD.SYS
Address: 0xB8662000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\windows\System32\DRIVERS\usbehci.sys
Address: 0xB8470000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\windows\System32\DRIVERS\usbhub.sys
Address: 0xB5A65000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\windows\System32\DRIVERS\usbohci.sys
Address: 0xB8468000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\windows\System32\DRIVERS\USBPORT.SYS
Address: 0xB680B000 Size: 147456 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\windows\System32\drivers\vga.sys
Address: 0xB4779000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\windows\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB5FA4000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xB80F8000 Size: 52480 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\windows\System32\DRIVERS\wanarp.sys
Address: 0xAF8C6000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\windows\System32\watchdog.sys
Address: 0xA32EC000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\windows\system32\drivers\wdmaud.sys
Address: 0xA2094000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\windows\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\windows\System32\Drivers\WMILIB.SYS
Address: 0xB85AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\windows\System32\drivers\ws2ifsl.sys
Address: 0xB2409000 Size: 12032 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xB7D7F000 Size: 77696 File Visible: - Signed: -
Status: -

[pitimir]

Pravda nebolo zaskrtnutych vsetkych 7 stvorcekov?

[folty07]

Ahoj,

asi jsem trochu blbej, ale jakých sedm čtverečků myslíš? v Root jsem žádné checkboxy neměl viz screen

[pitimir]

Klikni na "Report" a uvidis
V navode je to presne napisane a ked to uz pochopilo XYZ ludi pred tebou, mal by si to zvladnut aj ty :)

[folty07]

no jo nebýt lenivý a troch to proklikat

už mi to došlo, ale nastal další problém, jakmile označím všechny položky a dále pak označím disky na kterých má proběhnout kontrola, PC se sekne a následně se samo restartuje

[pitimir]

Pouzi GMER:
Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a vpravo zafajknes vsetky polozky OKREM:

• Sections
• IAT/EAT
• Registry
• nesystemovych diskov a particii (system je zvycajne na "C:\" - takze nezaskrtnute nechas "D:\", "E:\"...atd.)
• Show All

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

[folty07]

tak tady je první log z gmeru


GMER 1.0.15.15227 - http://www.gmer.net
Rootkit quick scan 2009-11-17 14:25:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Michal\LOCALS~1\Temp\fxndypog.sys


---- System - GMER 1.0.15 ----

SSDT sphf.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT sphf.sys ZwEnumerateValueKey [0xB7EC6032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8ACAE1F8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)

Device \Driver\nvata -> \Driver\nvata \Device\Harddisk0\DR0 8ACAF1F8

---- EOF - GMER 1.0.15 ----