Zamrzanie PC aj pri necinnosti

[panter2005]

Dobry den
Mam taky problem , ze mi zamrzne PC aj ked na nom nevykonavam ziadnu cinnost .
Chcel som sem poslat log z RSIT ale nechce mi to spustit .
Toto mi vypise : Variable Used : Without being declared .

Poprosil by som o pomoc - Dakujem

[Rudy]

Zkuste RSIT spustit v nouz. režimu.

[panter2005]

Tak neda sa to .
To iste mi vypise :
Variable Used : Without being declared

[Rudy]

ÖK. Zkuste nejdřív rsit.exe přejmenovat třeba na cokoli.com a zkuste spustit. Pokud to nepůjde ani pak, udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[panter2005]

Tak nejde to spustit ani premenovanim rsit.exe
Tu je log zo MBAM :
=================================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzia databázy: 6585

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.5.2011 22:16:34
mbam-log-2011-05-18 (22-16-33).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|F:\|)
Objektov kontrolovaných: 240153
Uplynutý čas: 2 hod, 52 min, 38 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

[Rudy]

Zkuste ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Dejte log.

[panter2005]

ComboFix 11-05-18.01 - Admin 19.05.2011 7:00.10.1 - x86
Running from: d:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Admin\Application Data\Admin3SQLite3.dll
d:\documents and settings\Admin\Application Data\facemoods.com
d:\documents and settings\Admin\Application Data\Microsoft\~DFKbcdc27.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-18 20:27 . 2011-05-18 20:27 -------- d-----w- d:\program files\hp deskjet 3820 series
2011-05-18 20:24 . 2011-05-19 04:45 -------- d-----w- d:\windows\LastGood.Tmp
2011-05-18 20:24 . 2011-05-18 20:25 -------- d-----w- d:\program files\Hewlett-Packard
2011-05-18 16:53 . 2011-05-18 16:53 -------- d-----w- d:\windows\system32\wbem\Repository
2011-05-17 14:19 . 2011-05-17 18:10 -------- d-----w- d:\documents and settings\Admin\Application Data\Power Sound Editor Free
2011-05-17 13:20 . 2011-05-18 16:52 -------- d-----w- d:\documents and settings\Admin\Application Data\Focus Mp3 Recorder
2011-05-16 10:39 . 2011-05-16 11:32 -------- d-----w- d:\program files\All Audio Recorder
2011-05-13 18:28 . 2011-05-13 18:28 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 18:20 . 2011-05-13 18:20 -------- d-----w- d:\program files\Avant Browser
2011-05-12 16:07 . 2011-05-16 18:52 -------- d-----w- d:\program files\SeaMonkey
2011-05-12 15:29 . 2011-05-12 15:30 -------- d-----w- d:\documents and settings\Admin\Application Data\Maxthon3
2011-05-12 15:15 . 2011-05-12 15:19 -------- d-----w- d:\documents and settings\Admin\Application Data\SlimBrowser
2011-05-10 18:27 . 2011-05-10 18:37 -------- d-----w- d:\documents and settings\Admin\Application Data\Desktop Sidebar
2011-05-05 06:15 . 2008-04-14 03:42 176640 ------w- d:\windows\system32\napstat.exe
2011-05-05 06:11 . 2008-04-14 03:41 4255 ------w- d:\windows\system32\drivers\adv01nt5.dll
2011-05-04 21:31 . 2011-05-04 21:31 -------- d-----w- d:\documents and settings\Admin\Application Data\Avira
2011-05-04 21:28 . 2011-04-01 15:07 61960 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2011-05-04 21:28 . 2011-04-01 15:07 137656 ----a-w- d:\windows\system32\drivers\avipbb.sys
2011-05-04 21:28 . 2010-06-17 13:27 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2011-05-04 21:28 . 2010-06-17 13:27 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2011-05-04 21:28 . 2011-05-04 21:28 -------- d-----w- d:\program files\Avira
2011-05-04 21:28 . 2011-05-04 21:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2011-05-04 16:27 . 2011-05-04 16:27 -------- d-----w- D:\!KillBox
2011-05-04 16:21 . 2011-05-04 16:21 -------- d-----w- d:\program files\StrongDC++
2011-05-04 07:11 . 2011-05-04 07:11 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
2011-05-04 07:01 . 2011-05-04 07:01 -------- d-----w- d:\windows\system32\scripting
2011-05-04 07:01 . 2011-05-04 07:01 -------- d-----w- d:\windows\l2schemas
2011-05-04 06:58 . 2011-05-04 07:01 -------- d-----w- d:\windows\ServicePackFiles
2011-05-03 19:44 . 2011-05-04 13:15 -------- d-----w- d:\program files\Microsoft Silverlight
2011-04-28 13:50 . 2011-04-28 13:52 -------- d-----w- d:\program files\DTaskManager - Systemove info o PC
2011-04-28 10:57 . 2011-04-28 10:55 388608 ----a-w- d:\windows\system32\CF9460.exe
2011-04-28 08:43 . 2011-04-28 08:43 2 --shatr- d:\windows\winstart.bat
2011-04-27 17:53 . 2011-04-27 17:53 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 18:36 . 2011-02-12 16:03 2560 ----a-w- d:\windows\_MSRSTRT.EXE
2011-04-11 09:01 . 2011-04-11 09:01 796672 ----a-w- d:\windows\GPInstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Firewall Protection"="2" [X]
"POP Peeper"="d:\program files\POP Peeper\POPPeeper.exe" [2010-09-09 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp325"="d:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="d:\windows\vsnp325.exe" [2006-10-10 827392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-15 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2006-12-08 1253376]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
d:\documents and settings\Admin\Start Menu\Programs\Startup\
SJphone 1.65.lnk - d:\windows\Installer\{E1A45BFD-FD3E-45D7-AD5C-A29A506C2EB3}\SoftphoneIcon.exe [2010-10-13 20480]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- d:\progra~1\COMMON~1\stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl
"midi3"=xgusb.cpl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 -c--a-w- d:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2011-01-29 14:50 46592 ----a-w- d:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\SJphone 1.65\\SJphone.exe"=
"d:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\POP Peeper\\POPPeeper.exe"=
"d:\\Program Files\\StrongDC++\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Avant Browser\\avant.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 gupdate1ca24c7f0166fb0;Služba Google Update (gupdate1ca24c7f0166fb0); [x]
R3 SNP325;USB PC Camera (SNPSTD325);d:\windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
R4 DUMeterSvc;DU Meter Service; [x]
S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 04:00 11776 -c--a-w- d:\program files\Windows Sidebar\regsvr32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 04:00 11776 -c--a-w- d:\program files\Windows Sidebar\regsvr32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
2006-11-09 05:57 38912 -c--a-w- d:\vaio\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1202660629-1957994488-1003Core.job
- d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 14:51]
.
2011-05-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1202660629-1957994488-1003UA.job
- d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 14:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.szm.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - d:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - d:\program files\Verdict Free\etnxp.dll
Trusted Zone: stv.sk\www
FF - ProfilePath - d:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\xliuc52f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.szm.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - d:\program files\Real\RealPlayer\browserrecord
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 07:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1202660629-1957994488-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
Completion time: 2011-05-19 07:29:54
ComboFix-quarantined-files.txt 2011-05-19 05:29
.
Pre-Run: 21 768 503 296 bytes free
Post-Run: 8 adresárov, 21 795 033 088 voľných bajtov
.
- - End Of File - - 6F34055056692C7FF519615F6BF4471A

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
d:\windows\winstart.bat

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

[panter2005]

Neviem , ale este pre istotu posielam vytvoreny log .