Poškodené služby po štarte a problém s ESETom

[Budovi]

Takže dobrá správa je, že systém je v stave dva dni dozadu.
Zlá správa je že som v núdzovom režime, pretože vtedy ten problém začal. Ale možno poriešime viac, tu je log z RSIT:

---Posledný log nižšie---

Symptómy:
Po štarte sa nezapne ESS, sidebar.exe a nejde spustiť žiaden program.

[Budovi]

Takže žiadne nápady?

Ja sa len spýtam, čo s týmto súborom čo ComboFix prvý krát zmazal, teraz ho tu nevidím ale možno sa skrýva

C:\windows\system32\FD.dll

[chodnik74]

mrknu na to večer momentálně jsem mimo domov

[Budovi]

Ja sa nikam neponáhľam len som to teda nevydržal a "bavil sa sám"

No a vyzerá že som si celkom poradil, ale od posledných logov sa toho veľa zmenilo, takže by som ich nepovažoval za aktuálne.

Spustil som druhýkrát Combofix (kvôli tomu súboru) a opäť ho odmazal, log priložím ale aj od neho sa veľa zmenilo (hlavne poriadok v registroch) takže jedine ak je tam nejaká potvorka tak už len tie by mali ísť preč, tie odtiaľ (zatiaľ) nevylúštim

Takže windows defender funkčný, firewall tiež, eset by mal byť komplet v keli, zatiaľ som nenahodil AV (stále váham ktorý), sidebar aj plocha je už OK

Mám (mal som) jeden problém ktorý akoby sa sám vytratil, a to je poškodzovanie súborov (spúšťal som chkdsk v režime opráv PC, z windowsu ani ten nešiel , medzitým mi dvakrát odrovnalo CCleaner a Firefiox) a tak sem hodím ešte teda preventívny LOG, ale našťastie je všetko momentálne OK a mám porobenú novú HDD zálohu

A ináč... Toto je ten súbor čo sa nepáčil ComboFix: http://www.virustotal.com/file-scan/rep ... 1310307980

[Budovi]

Aktuálny RSIT LOG.txt
a INFO.TXT

Edit: zistil som že ten CF log je poškodený, takže nebude

[chodnik74]

Zdravím...

takže C:\ComboFix.txt tento soubor tu nemáte? je to log z CF

V logu nic zákeřného nevidím,jen neplatné hodnoty,ale to teď nemá cenu opravovat,když máme problémy jinde

Viděl bych to následovně..

1)Mrkneme,jak je to na HDD

Stáhněte si CrystalDiskInfo

• Nainstalujte a spuste
• Klikněte na Úpravy-Kopírovat
• A pak sem vložte pomocí CTRL+V

2)Poté udělejte logy z GMER,návod najdete v mém podpisu

Kolegové radili opravnou instalaci windows,ale to necháme až jako poslední

[Budovi]

No CrystalDisk som len teraz odinštaloval v rámci čistenia, je to OK, žiadne chyby čítania a ani zapisovania, žiadne sektory realokované, len nejaké údaje o teplote (tá je OK) a počítadlá tam nič netypické, nechce sa mi to zas trepať do PC ale ak na tom trváte

Gmer vykonám, ale mám taký pocit že to ani nebude nákaza ale proste... nejaká chyba, prečo sa tak dokašľal systém súborov neviem ale je to divné

[Budovi]

prvý log je čisto ani čiarka pre ten druhý sa nedá zaškrtnúť nič okrem toho čo je... čo robím zle?

[chodnik74]

Poprosím o tel log z Crystaldisku

U gmeru nechte jen to co je

[Budovi]

----------------------------------------------------------------------------
CrystalDiskInfo 4.0.2 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2011/07/10 21:22:03

-- Controller Map ----------------------------------------------------------
+ ATA Channel 0 (0) [ATA]
- Hitachi HTS545050B9A300 ATA Device
+ ATA Channel 2 (2) [ATA]
- PIONEER DVD-RW DVRTD10RS ATA Device
+ Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C03 [ATA]
- ATA Channel 0 (0)
- ATA Channel 2 (2)
- StarPort Storage Controller (Lite) [SCSI]

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS545050B9A300 : 500.1 GB [0-0-0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS545050B9A300
----------------------------------------------------------------------------
Model : Hitachi HTS545050B9A300
Firmware : PB4OC60F
Serial Number : 110109PBN403M7DXZL1E
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 7208 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 714 hours
Power On Count : 558 count
Temparature : 37 C (98 F)
Health Status : Good
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Read Error Rate
02 100 100 _40 000000000000 Throughput Performance
03 147 147 _33 001500000002 Spin-Up Time
04 100 100 __0 000000000237 Start/Stop Count
05 100 100 __5 000000000000 Reallocated Sectors Count
07 100 100 _67 000000000000 Seek Error Rate
08 100 100 _40 000000000000 Seek Time Performance
09 _99 _99 __0 0000000002CA Power-On Hours
0A 100 100 _60 000000000000 Spin Retry Count
0C 100 100 __0 00000000022E Power Cycle Count
BF 100 100 __0 000000000000 G-Sense Error Rate
C0 100 100 __0 000000000011 Power-off Retract Count
C1 100 100 __0 000000000C2F Load/Unload Cycle Count
C2 148 148 __0 002B00120025 Temperature
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
DF 100 100 __0 000000000000 Load/Unload Retry Count

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 04 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 31 31 30 31 30 39 50 42 4E 34 30 33
020: 4D 37 44 58 5A 4C 31 45 00 03 38 50 00 04 50 42
030: 34 4F 43 36 30 46 48 69 74 61 63 68 69 20 48 54
040: 53 35 34 35 30 35 30 42 39 41 33 30 30 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 40 00 0F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 00 FF FF 0F FF 00 00 04 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 17 06 00 00 00 5E 00 40
0A0: 01 FC 00 28 74 6B 7F 69 61 63 74 69 BC 49 61 63
0B0: 00 7F 00 4E 00 4F 40 80 FF FE 00 00 80 FE 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 00 00 88 48 50 00 CC A6 7C DB 44 B2
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1C
0F0: 40 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 00 0B 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 40 01 00 00 80 00 00 00
130: 34 4F 00 00 00 00 72 81 72 81 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 3D 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 15 18 00 00 00 00 00 00 00 00 10 1F 00 21
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 01 02 C7 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D6 A5

[chodnik74]

Disk vypada dobře

[Budovi]

Já jsem to říkal

Ok už sa nebudem pokúšať o češtinu (idem študovať do Brna koľko to vydržím )

Na gmer-e sa pracuje

[chodnik74]

Jasan jinak v logu z CF,RSIT nic vidět nešlo..MBAM nic nenašel..takže vir přítomen by neměl být..GMER by mohl eventuálně ukázat rootkit,na ten by byl MBAM krátký..jinak můžeme mrknou pak na log z OTL,který je podpobnější,ale pochybuji..uvidíme

[Budovi]

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-10 21:45:09
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00106052add7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00106052add7@001e3a07deee 0xE9 0x5A 0xDC 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@FrequencyCorrectRate 4
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PollAdjustFactor 5
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LargePhaseOffset 50000000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@SpikeWatchPeriod 900
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LocalClockDispersion 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@HoldPeriod 5
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PhaseCorrectRate 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@UpdateInterval 360000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@EventLogFlags 2
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@AnnounceFlags 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@TimeJumpAuditOffset 28800
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MinPollInterval 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPollInterval 15
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxNegPhaseCorrection 54000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPosPhaseCorrection 54000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxAllowedPhaseOffset 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@Enabled 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@InputProvider 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7b8bdf5???????????
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@Enabled 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@InputProvider 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainDisable 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00106052add7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@FrequencyCorrectRate 4
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@PollAdjustFactor 5
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@LargePhaseOffset 50000000
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@SpikeWatchPeriod 900
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@LocalClockDispersion 10
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@HoldPeriod 5
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@PhaseCorrectRate 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@UpdateInterval 360000
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@EventLogFlags 2
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@AnnounceFlags 10
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@TimeJumpAuditOffset 28800
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@MinPollInterval 10
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@MaxPollInterval 15
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@MaxNegPhaseCorrection 54000
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@MaxPosPhaseCorrection 54000
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\Config@MaxAllowedPhaseOffset 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@Enabled 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@InputProvider 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7b86d46???????????
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@Enabled 0
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@InputProvider 0
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@ChainDisable 0
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\3342 0 bytes
File C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\3343 0 bytes
File C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\3344 0 bytes
File C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\3345 0 bytes
File C:\Windows\temp\kls475E.tmp 96208 bytes

---- EOF - GMER 1.0.15 ----

[chodnik74]

Tohle by mělo být v pohodě...zkusil bych opravnou instalaci systému windows..máte instalační CD systému?