
Please check my RSIT log - slow PC

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Please check my RSIT log - slow PC

#1 Post by peter.peco »

Without a network connection the PC works basically OK, but as soon as I connect it to the network, its responses slow down until nothing can be done with it. Thank you in advance for the check. Here is the RSIT log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrea at 2011-09-05 13:08:07
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (4%) free of 80 GB
Total RAM: 1023 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4BCBEE3E-2BAE-4AB8-9E83-8B3B5C57E0BB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2006-07-07 348160]
"Ulead Quick-Drop"=C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe WINDOWCALL []
"LWBMOUSE"=C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE [2002-05-24 357376]
"pdfSaver3"= []
"SeekmoOE"=C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2008-04-14 208896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-07-04 3493720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Philips Device Listener"=C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2010-10-15 380416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"pdfSaver3"=C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-07-25 433360]
"Google Update"=C:\Documents and Settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup
Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\WINDOWS\system32\LMabcoms.exe"="C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
"C:\Program Files\Lexmark\PSSU\pssu.exe"="C:\Program Files\Lexmark\PSSU\pssu.exe:*:Enabled:IP Setup Utility"
"D:\Inštalačné programy\strongdc++\StrongDC.exe"="D:\Inštalačné programy\strongdc++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe"="C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe:LocalSubNet:Enabled:Creative Centrale Media Server Component"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe"="C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro"
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe"="C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Documents and Settings\Andrea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Andrea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\DTS\MAS-SAS\DtsJobQueue.exe"="C:\Program Files\DTS\MAS-SAS\DtsJobQueue.exe:*:Enabled:DtsJobQueue"
"C:\Program Files\DTS\MAS-SAS\DTSToolFramewrk.exe"="C:\Program Files\DTS\MAS-SAS\DTSToolFramewrk.exe:*:Enabled:DTSToolFramewrk"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.dvsd"=mcdvd_32.dll
"VIDC.MJPG"=pvmjpg30.dll
"VIDC.PIMJ"=pvljpg20.dll
"VIDC.PVW2"=PVWV220.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"SENTINEL"=snti386.dll

======List of files/folders created in the last 1 month======

2011-09-05 13:08:07 ----D---- C:\rsit
2011-09-05 13:08:07 ----D---- C:\Program Files\trend micro
2011-09-05 12:50:16 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-09-04 08:46:41 ----D---- C:\WINDOWS\Minidump
2011-08-24 13:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-15 02:13:33 ----A---- C:\WINDOWS\system32\sysprs7.dll
2011-08-15 02:13:33 ----A---- C:\WINDOWS\system32\ssprs.dll
2011-08-15 02:13:33 ----A---- C:\WINDOWS\system32\lsprst7.dll
2011-08-15 02:13:33 ----A---- C:\WINDOWS\system32\clauth2.dll
2011-08-15 02:13:33 ----A---- C:\WINDOWS\system32\clauth1.dll
2011-08-15 02:06:50 ----A---- C:\WINDOWS\system32\SNTI386.DLL
2011-08-15 02:06:50 ----A---- C:\WINDOWS\system32\RNBOVDD.DLL
2011-08-15 02:06:50 ----A---- C:\WINDOWS\system32\drivers\SENTINEL.SYS
2011-08-15 02:06:49 ----D---- C:\WINDOWS\system32\RNBOSENT
2011-08-15 01:08:16 ----D---- C:\Documents and Settings\All Users\Application Data\DTS
2011-08-15 00:53:40 ----D---- C:\Program Files\DTS
2011-08-10 22:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-10 22:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-10 22:25:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-10 22:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-10 22:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$

======List of files/folders modified in the last 1 month======

2011-09-05 13:08:07 ----RD---- C:\Program Files
2011-09-05 13:07:48 ----D---- C:\WINDOWS\Prefetch
2011-09-05 13:05:44 ----D---- C:\Program Files\BitComet
2011-09-05 13:03:59 ----D---- C:\WINDOWS\Temp
2011-09-05 13:03:43 ----D---- C:\WINDOWS
2011-09-05 13:01:47 ----D---- C:\WINDOWS\system32
2011-09-05 12:50:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-05 12:50:17 ----D---- C:\WINDOWS\system32\drivers
2011-09-05 12:49:53 ----HD---- C:\WINDOWS\inf
2011-09-05 12:49:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-04 08:39:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-02 13:09:10 ----D---- C:\Downloads
2011-09-02 06:41:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-24 07:34:25 ----D---- C:\Documents and Settings\Andrea\Application Data\BitComet
2011-08-20 06:21:01 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-20 01:00:44 ----D---- C:\Documents and Settings\Andrea\Application Data\foobar2000
2011-08-18 05:50:58 ----SHD---- C:\WINDOWS\Installer
2011-08-18 05:50:55 ----D---- C:\Documents and Settings\Andrea\Application Data\Mozilla
2011-08-14 08:16:29 ----D---- C:\ALFA
2011-08-12 07:20:29 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-12 07:20:18 ----RSD---- C:\WINDOWS\assembly
2011-08-10 22:29:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-10 22:28:42 ----D---- C:\WINDOWS\WinSxS
2011-08-10 22:26:13 ----A---- C:\WINDOWS\imsins.BAK
2011-08-10 22:25:49 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-10 22:23:28 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-10 22:23:17 ----D---- C:\Program Files\Internet Explorer
2011-08-10 22:23:03 ----D---- C:\WINDOWS\ie8updates
2011-08-08 01:51:25 ----D---- C:\Program Files\JDownloader
2011-08-07 01:05:07 ----D---- C:\Documents and Settings\Andrea\Application Data\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-11-08 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-12-28 73728]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\WINDOWS\system32\DRIVERS\thdudf.sys [2011-05-03 66944]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2010-11-11 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys []
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBVSP;USBVSP; C:\WINDOWS\system32\drivers\Usbvsp.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-14 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-14 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lmab_device;lmab_device; C:\WINDOWS\system32\LMabcoms.exe [2005-06-14 491520]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 WiselinkPro;SAMSUNG WiselinkPro Service; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#2 Post by Rudy »

Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the license terms is displayed; continue by clicking the Yes button.

feel free to put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#3 Post by peter.peco »

ComboFix 11-09-05.05 - Andrea 06.09.2011 7:42.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.660 [GMT 2:00]
Running from: c:\documents and settings\Andrea\Desktop\zmija.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\SeekmoSA
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
c:\documents and settings\All Users\Start Menu\Programs\Seekmo
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Reset Cursor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk
c:\documents and settings\Andrea\Application Data\inst.exe
c:\documents and settings\Andrea\Application Data\Seekmo
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory\CLI.exe.c88dbd71.ini
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory\SL2.tmp.b6ba6d45.ini
c:\documents and settings\Andrea\WINDOWS
c:\program files\seekmo
c:\program files\seekmo\bin\10.0.406.0\arrow.ico
c:\program files\seekmo\bin\10.0.406.0\copyright.txt
c:\program files\seekmo\bin\10.0.406.0\firefox\extensions\components\npclntax.xpt
c:\program files\seekmo\bin\10.0.406.0\firefox\extensions\install.rdf
c:\program files\seekmo\bin\10.0.406.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll
c:\program files\seekmo\bin\10.0.406.0\InstIE.dll
c:\program files\seekmo\bin\10.0.406.0\link.ico
c:\program files\seekmo\bin\10.0.406.0\SeekmoSADF.exe
c:\program files\seekmo\bin\10.0.406.0\Srv.exe
c:\program files\seekmo\bin\10.0.406.0\Wallpaper.dll
c:\windows\dasetup.log
c:\windows\IsUn0405.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-05 11:08 . 2011-09-05 11:08 -------- d-----w- C:\rsit
2011-09-05 11:08 . 2011-09-05 11:08 -------- d-----w- c:\program files\trend micro
2011-09-05 10:50 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-09-05 10:50 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-08-15 00:06 . 2008-12-28 16:01 73728 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2011-08-15 00:06 . 2008-12-28 16:01 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2011-08-15 00:06 . 2008-12-28 16:00 49664 ----a-w- c:\windows\system32\SNTI386.DLL
2011-08-15 00:06 . 2011-08-15 00:06 -------- d-----w- c:\windows\system32\RNBOSENT
2011-08-14 23:08 . 2011-08-14 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DTS
2011-08-14 22:56 . 2011-08-14 22:56 -------- d-----w- c:\documents and settings\Andrea\.DTS
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut22_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut2_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut12_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut1_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 45056 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\ARPPRODUCTICON.exe
2011-08-14 22:53 . 2011-08-14 22:53 -------- d-----w- c:\program files\DTS
2011-08-10 05:05 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 05:04 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2010-08-14 06:09 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2007-01-05 14:46 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-06 21:00 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-04-13 19:20 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2007-01-05 14:46 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2007-01-05 14:46 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2007-01-05 14:46 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2007-01-05 14:46 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2007-01-05 14:46 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2008-04-13 19:20 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2006-12-06 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"LWBMOUSE"="c:\program files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE" [2002-05-24 357376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Andrea\Start Menu\Programs\Startup\
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2006-12-6 60416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Lexmark\\PSSU\\pssu.exe"=
"d:\\Inštalačné programy\\strongdc++\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\Andrea\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DTS\\MAS-SAS\\DtsJobQueue.exe"=
"c:\\Program Files\\DTS\\MAS-SAS\\DTSToolFramewrk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19308:TCP"= 19308:TCP:BitComet 19308 TCP
"19308:UDP"= 19308:UDP:BitComet 19308 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.6.2011 23:00 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2008 21:20 309848]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12.12.2006 22:50 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2008 21:20 19544]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [17.4.2011 0:46 66944]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.1.2010 18:58 27632]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [6.12.2006 17:41 9446]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.8.2010 8:09 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.8.2010 8:09 136176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18.1.2010 18:57 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18.1.2010 18:57 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18.1.2010 18:57 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18.1.2010 18:57 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18.1.2010 18:57 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18.1.2010 18:57 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18.1.2010 18:57 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [6.4.2011 6:28 155344]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys --> c:\windows\system32\drivers\Usbvsp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7.1.2010 17:15 11520]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8.1.2009 10:38 4136960]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 06:09]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 06:09]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004Core.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 07:33]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004UA.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 07:33]
.
2011-09-06 c:\windows\Tasks\User_Feed_Synchronization-{4BCBEE3E-2BAE-4AB8-9E83-8B3B5C57E0BB}.job
- c:\windows\system32\msfeedssync.exe [2009-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Ulead Quick-Drop - c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe
HKLM-Run-pdfSaver3 - (no file)
AddRemove-BitComet - f:\nový priečinok\BitComet\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-06 08:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-06 08:09:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-06 06:09
.
Pre-Run: 6 916 743 168 bytes free
Post-Run: 18 adresárov, 10 723 520 512 voľných bajtov
.
- - End Of File - - DCB40D3C553F9393BDC1103F262DA0D0

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#4 Post by Rudy »

CF deleted a number of items. Please also test these files online at www.virustotal.com:
c:\windows\system32\sysprs7.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\clauth1.dll
Report the result.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#5 Post by peter.peco »

None of the files is infected:

http://www.virustotal.com/file-scan/report.html?id=6604d058f3982a30396c44ba756ca5a3e55f01eeaacf03bf3227de8fcf8218c0-1315370787
http://www.virustotal.com/file-scan/report.html?id=6604d058f3982a30396c44ba756ca5a3e55f01eeaacf03bf3227de8fcf8218c0-1315370934
http://www.virustotal.com/file-scan/report.html?id=f53dbbbada1b484e94027bd4e4746c2eea4193ed234f661b0d975df13757616c-1315370655
http://www.virustotal.com/file-scan/report.html?id=f53dbbbada1b484e94027bd4e4746c2eea4193ed234f661b0d975df13757616c-1315371009

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#6 Post by Rudy »

OK. In that case the log is clean. Has anything changed?

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#7 Post by peter.peco »

It is much better. After connecting to the network the PC does not slow down.

One problem has appeared, though: the PC restarts spontaneously. I will try some diagnostics to see whether the hardware is damaged. Thanks for now.

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#8 Post by Rudy »

Check the temperatures with SpeedFan: http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/ , or try swapping the power supply as a test.

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#9 Post by peter.peco »

The PC is not mine but a friend's. He called me yesterday to say that it had happened again. He specified that after starting the torrent client and beginning to download a video file, the whole thing froze up again.

At the moment I have the PC with me; it is not connected to the network and seems OK. After connecting to the network it slows down drastically. SpeedFan shows these values: System 34C, CPU 29C, AUX 48C, HD0 30C. AUX usually has a green check mark, but occasionally it jumps to a red up arrow.

How should I proceed?

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#10 Post by Rudy »

The temperatures are OK. We do not deal with P2P networks here, since they are a breeding ground for viruses. There are other forums for that. After the CF deletions the PC was completely free of viruses.

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#11 Post by peter.peco »

Yes, but now there is junk on it; how do I remove it? Of course, my friend uninstalled the torrent client himself yesterday. Should I run the cleanup with CF once more? Or do you recommend something else? Thanks.

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#12 Post by Rudy »

According to CF the log should be clean. If you picked it up by using a P2P network, I don't much feel like dealing with it. Using P2P networks is solely at your own risk. :evil:

To the point: post a new log from ComboFix. I warn you that this is the last time if you keep behaving riskily on the internet.

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#13 Post by peter.peco »

I am sorry that this annoys you, but it is not my fault.
Here is the log from CF. I hope the CF update went through OK, because after a restart it freezes again as soon as I connect it to the internet.



ComboFix 11-09-05.05 - Andrea 12.09.2011 19:04:34.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.663 [GMT 2:00]
Running from: c:\documents and settings\Andrea\Desktop\iexplorer8.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
c:\documents and settings\Andrea\Local Settings\Application Data\ApplicationHistory\uccc.exe.8ab524e5.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 16:33 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-09-12 16:33 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-12 09:39 . 2011-09-12 09:42 -------- d-----w- c:\program files\SpeedFan
2011-09-08 10:09 . 2011-09-12 16:37 -------- d-----w- c:\program files\CCleaner
2011-09-08 09:59 . 2011-09-08 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-09-08 08:41 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-09-08 07:03 . 2011-09-08 07:03 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-08 06:35 . 2011-09-08 06:35 -------- d-----w- C:\ATI
2011-09-08 06:10 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-08 06:10 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-08 06:10 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-08 06:10 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-08 06:10 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-08 06:10 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-08 06:10 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-08 06:10 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-08 06:10 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-09-08 06:10 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-08 06:10 . 2011-09-08 06:10 -------- d-----w- c:\program files\AVAST Software
2011-09-08 06:10 . 2011-09-08 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-08 05:54 . 2011-09-08 05:55 -------- d-----w- C:\zmija
2011-09-07 04:17 . 2011-09-12 16:36 -------- d-----w- c:\program files\Mobile Partner
2011-09-07 04:15 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-09-07 04:15 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-05 11:08 . 2011-09-05 11:08 -------- d-----w- C:\rsit
2011-09-05 11:08 . 2011-09-05 11:08 -------- d-----w- c:\program files\trend micro
2011-09-05 10:50 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-09-05 10:50 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-08-15 00:06 . 2008-12-28 16:01 73728 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2011-08-15 00:06 . 2008-12-28 16:01 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2011-08-15 00:06 . 2008-12-28 16:00 49664 ----a-w- c:\windows\system32\SNTI386.DLL
2011-08-15 00:06 . 2011-08-15 00:06 -------- d-----w- c:\windows\system32\RNBOSENT
2011-08-14 23:08 . 2011-08-14 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DTS
2011-08-14 22:56 . 2011-08-14 22:56 -------- d-----w- c:\documents and settings\Andrea\.DTS
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut22_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut2_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut12_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 98304 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\NewShortcut1_8A25347572C4416AA4BA1AA45688324B.exe
2011-08-14 22:53 . 2011-08-14 22:53 45056 ----a-r- c:\documents and settings\Andrea\Application Data\Microsoft\Installer\{DB16AC17-3AF9-4ADB-B8E2-596FDA2FCBA6}\ARPPRODUCTICON.exe
2011-08-14 22:53 . 2011-08-14 22:53 -------- d-----w- c:\program files\DTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-12-06 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"LWBMOUSE"="c:\program files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE" [2002-05-24 357376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Lexmark\\PSSU\\pssu.exe"=
"d:\\Inštalačné programy\\strongdc++\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Documents and Settings\\Andrea\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DTS\\MAS-SAS\\DtsJobQueue.exe"=
"c:\\Program Files\\DTS\\MAS-SAS\\DTSToolFramewrk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19308:TCP"= 19308:TCP:BitComet 19308 TCP
"19308:UDP"= 19308:UDP:BitComet 19308 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.9.2011 8:10 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.9.2011 8:10 309848]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12.12.2006 22:50 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.9.2011 8:10 19544]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [17.4.2011 0:46 66944]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.1.2010 18:58 27632]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [6.12.2006 17:41 9446]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.8.2010 8:09 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.8.2010 8:09 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18.1.2010 18:57 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18.1.2010 18:57 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18.1.2010 18:57 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18.1.2010 18:57 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18.1.2010 18:57 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18.1.2010 18:57 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18.1.2010 18:57 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [6.4.2011 6:28 155344]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys --> c:\windows\system32\drivers\Usbvsp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7.1.2010 17:15 11520]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8.1.2009 10:38 4136960]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 06:09]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 06:09]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004Core.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 07:33]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004UA.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 07:33]
.
2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{4BCBEE3E-2BAE-4AB8-9E83-8B3B5C57E0BB}.job
- c:\windows\system32\msfeedssync.exe [2009-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-09-12 19:09:52
ComboFix-quarantined-files.txt 2011-09-12 17:09
ComboFix2.txt 2011-09-06 06:09
.
Pre-Run: 29 295 017 984 bytes free
Post-Run: 29 284 945 920 bytes free
.
- - End Of File - - 11779B83DF9B1F9EA07B9046729E01BF

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my RSIT log - slow PC

#14 Post by Rudy »

3 items deleted. Please run one more scan and post a log with a freshly downloaded CF. This one has already expired.

peter.peco
Visitor
Posts: 94
Registered: 09 Apr 2008 13:25

Re: Please check my RSIT log - slow PC

#15 Post by peter.peco »

OK, with the network connected I could not manage to run CF with the update, and then it froze. I only succeeded after starting in safe mode with net. After a restart and connecting to the network the PC freezes again. Here is the new log:


ComboFix 11-09-12.02 - Administrator . 09. 2011 19:38:03.3.1 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.701 [GMT 2:00]
Running from: c:\documents and settings\Andrea\Desktop\iexplorer8.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 17:26 . 2011-09-12 17:26 -------- d-----w- c:\documents and settings\Administrator
2011-09-12 16:33 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-09-12 16:33 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-12 09:39 . 2011-09-12 09:42 -------- d-----w- c:\program files\SpeedFan
2011-09-08 10:09 . 2011-09-12 16:37 -------- d-----w- c:\program files\CCleaner
2011-09-08 09:59 . 2011-09-08 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-09-08 08:41 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-09-08 07:03 . 2011-09-08 07:03 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-08 06:35 . 2011-09-08 06:35 -------- d-----w- C:\ATI
2011-09-08 06:10 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-08 06:10 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-08 06:10 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-08 06:10 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-08 06:10 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-08 06:10 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-08 06:10 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-08 06:10 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-08 06:10 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-09-08 06:10 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-08 06:10 . 2011-09-08 06:10 -------- d-----w- c:\program files\AVAST Software
2011-09-08 06:10 . 2011-09-08 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-08 05:54 . 2011-09-08 05:55 -------- d-----w- C:\zmija
2011-09-07 04:17 . 2011-09-12 16:36 -------- d-----w- c:\program files\Mobile Partner
2011-09-07 04:15 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-09-07 04:15 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-05 11:08 . 2011-09-05 11:08 -------- d-----w- C:\rsit
2011-09-05 11:08 . 2011-09-05 11:08 -------- d-----w- c:\program files\trend micro
2011-09-05 10:50 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-09-05 10:50 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-08-15 00:13 . 2011-08-15 00:13 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-08-15 00:06 . 2008-12-28 16:01 73728 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2011-08-15 00:06 . 2008-12-28 16:01 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2011-08-15 00:06 . 2008-12-28 16:00 49664 ----a-w- c:\windows\system32\SNTI386.DLL
2011-08-15 00:06 . 2011-08-15 00:06 -------- d-----w- c:\windows\system32\RNBOSENT
2011-08-14 23:08 . 2011-08-14 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DTS
2011-08-14 22:56 . 2011-08-14 22:56 -------- d-----w- c:\documents and settings\Andrea\.DTS
2011-08-14 22:53 . 2011-08-14 22:53 -------- d-----w- c:\program files\DTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-12-06 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"LWBMOUSE"="c:\program files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE" [2002-05-24 357376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Lexmark\\PSSU\\pssu.exe"=
"d:\\Inštalačné programy\\strongdc++\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Documents and Settings\\Andrea\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DTS\\MAS-SAS\\DtsJobQueue.exe"=
"c:\\Program Files\\DTS\\MAS-SAS\\DTSToolFramewrk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19308:TCP"= 19308:TCP:BitComet 19308 TCP
"19308:UDP"= 19308:UDP:BitComet 19308 UDP
.
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 1. 2010 18:58 27632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8. 9. 2011 8:10 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8. 9. 2011 8:10 309848]
S2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12. 12. 2006 22:50 51072]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8. 9. 2011 8:10 19544]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14. 8. 2010 8:09 136176]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [17. 4. 2011 0:46 66944]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14. 8. 2010 8:09 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18. 1. 2010 18:57 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18. 1. 2010 18:57 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18. 1. 2010 18:57 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18. 1. 2010 18:57 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18. 1. 2010 18:57 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18. 1. 2010 18:57 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18. 1. 2010 18:57 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [6. 4. 2011 6:28 155344]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys --> c:\windows\system32\drivers\Usbvsp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7. 1. 2010 17:15 11520]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [6. 12. 2006 17:41 9446]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8. 1. 2009 10:38 4136960]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CXTUNE
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 06:09]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 06:09]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004Core.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 07:33]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1336601894-682003330-1004UA.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 07:33]
.
2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{4BCBEE3E-2BAE-4AB8-9E83-8B3B5C57E0BB}.job
- c:\windows\system32\msfeedssync.exe [2009-10-17 02:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-09-12 19:44:02
ComboFix-quarantined-files.txt 2011-09-12 17:43
ComboFix2.txt 2011-09-12 17:09
ComboFix3.txt 2011-09-06 06:09
.
Pre-Run: 29 281 431 552 bytes free
Post-Run: 20 adresárov, 29 266 202 624 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AACFE2FA7B00532BCB36309C5A6A3C26
