POprosim,spomaleny pc,zasekava sa,videa trhaju na internete

[martinerik]

Process:

System Idle Process
System
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Martin\Plocha\IceSword122en\IceSword122en\IceSword.exe

[Rudy]

To je všechno, co tam bylo?

[martinerik]

Pisem ze neviem ako vytvorim log z ostatneho...?

[martinerik]

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.118 : 1136 173.194.35.131 : 80 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.118 : 1137 74.125.132.102 : 80 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.118 : 1031 74.125.132.101 : 80 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 1025 127.0.0.1 : 1026 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 1026 127.0.0.1 : 1025 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.118 : 1054 173.194.70.157 : 80 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.118 : 1066 31.13.81.7 : 443 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.118 : 1133 74.125.132.101 : 80 ESTABLISHED 2012 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.118 : 1097 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1065 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1103 195.27.183.166 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1098 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1104 195.27.183.166 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1099 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1053 173.194.70.156 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1093 2.20.180.33 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1134 173.194.70.156 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1135 173.194.70.120 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1110 92.122.212.82 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1072 195.27.183.151 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1117 23.14.92.195 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1074 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1120 23.14.92.195 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1115 2.20.180.33 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1075 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1121 23.14.92.195 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1112 2.20.180.74 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1081 195.27.183.182 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1067 199.7.57.72 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1114 23.61.254.233 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1111 195.27.183.151 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1100 195.27.183.166 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1095 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1101 195.27.183.166 : 80 TIME_WAIT 0 ----
TCP 192.168.0.118 : 1096 31.13.81.7 : 80 TIME_WAIT 0 ----
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1124 C:\WINDOWS\system32\svchost.exe
TCP 192.168.0.118 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
UDP 192.168.0.118 : 138 * : * 4 NT OS Kernel
UDP 192.168.0.118 : 137 * : * 4 NT OS Kernel
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel

[martinerik]

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RTHDCPL
RTHDCPL.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast
"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
desktop.ini


C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (RemarkŁşHledat na ploše)

C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění
desktop.ini

[martinerik]

Started Service:

Service Name:BITS Display Name:BITS
Service Name:CryptSvc Display Name:CryptSvc
Service Name:DcomLaunch Display Name:Spouštěč procesů serveru DCOM
Service Name:Dhcp Display Name:Klient DHCP
Service Name:Dnscache Display Name:Klient DNS
Service Name:ERSvc Display Name:Zasílání zpráv o chybách
Service Name:Eventlog Display Name:Protokol událostí
Service Name:EventSystem Display Name:Systém událostí modelu COM+
Service Name:helpsvc Display Name:Nápověda a odborná pomoc
Service Name:RpcSs Display Name:Vzdálené volání procedur (RPC)
Service Name:seclogon Display Name:Secondary Logon
Service Name:Spooler Display Name:Zařazování tisku
Service Name:srservice Display Name:Služba obnovení systému
Service Name:winmgmt Display Name:Služba WMI
Service Name:wscsvc Display Name:Centrum zabezpečení
Service Name:wuauserv Display Name:Automatic Updates

[Rudy]

Tady: http://forum.viry.cz/viewtopic.php?f=29&t=11394 je podrobný návod.

[martinerik]

Prosim skopirujte,pise ze niesom opravneny citat to forum

[Rudy]

On už je mezi starými návody, takže opravdu se na něj nedostanete. Ten první log, který jste dal, byl z process. Ještě potřebuji z kernelmodule.

[martinerik]

V SSDT je vela cerv.poloziek ale nejde dat log ani okopirovat.Dufam ze to zvladneme a bude to prec Asi je to virus,to co blokuje windows firewall.Vdaka



Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
speedfan.sys
Mup.sys
giveio.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\giveio.sys
C:\WINDOWS\system32\speedfan.sys

[martinerik]

Pomoze aj toto?Je tam ze nebezia sietove pripojenia a Plug and Play



Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/27/2013 05:38:55 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Síťová připojení (Netman) is not Running.
Startup Type set to: Disabled

* Plug and Play (PlugPlay) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/27/2013 05:39:26 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

[Rudy]

Můžete to zkusit. Zkazit se tím nedá nic a pokud to pomůže potom jen dobře.

[martinerik]

Ale ako? sam som to nevedel

[Rudy]

Já také ne. Neviděl jsem to dosud. Původně jsem vám chtěl navrhnout sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dát log.

[martinerik]

Moment dam.ten adw cleaner musel byt zavireny.Co ste mi radil na zacatku...Ja som potreboval len zrychlit pocitac