Postupne odchadzanie PC

[poldo77]

Zdravim,
v normalnom rezime zatial ok, avast aj zone alarm som odinstaloval aby isiel combofix
firefox stale nejde

tu posielam log:

ComboFix 10-08-15.04 - Peter 16/08/2010 20:47:47.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.44.1029.18.479.134 [GMT 2:00]
Running from: c:\documents and settings\Peter\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Peter\Plocha\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-13 22:02 . 2010-08-13 22:02 -------- d-----w- c:\program files\VirusTotalUploader2
2010-08-13 21:25 . 2010-08-13 21:26 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 11:30 . 2007-01-24 19:01 -------- d-----w- c:\program files\TrojanHunter 4.2
2010-08-14 20:29 . 2009-12-08 17:39 -------- d-----w- c:\program files\trend micro
2010-08-08 16:31 . 2009-03-26 16:58 -------- d-----w- c:\program files\Opera
2010-08-06 17:07 . 2010-02-07 14:12 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-30 11:59 . 2007-01-24 19:24 -------- d-----w- c:\program files\Alwil Software
2010-07-19 20:08 . 2007-07-16 09:26 -------- d-----w- c:\program files\rajce
2007-03-04 19:35 . 2007-03-04 19:31 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
2007-03-04 19:30 . 2007-03-04 19:28 7050552 ----a-w- c:\program files\psa30se_en_us.exe
2007-02-25 17:32 . 2007-02-25 17:32 8704 ------w- c:\program files\OfficeXPUniversalActivator.exe
2007-01-27 18:39 . 2007-01-27 18:39 1695184 ------w- c:\program files\tcmdr656.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="c:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 905216]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"SSC Service Utility"="c:\program files\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-24 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4.3.2007 20:54 51072]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [25.1.2007 19:44 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [25.1.2007 19:44 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [25.1.2007 19:44 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [25.1.2007 19:45 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [25.1.2007 19:45 83344]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 22:42 323584]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.2.2007 20:31 664064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-162531612-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-162531612-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/downloadrequest?updtConfId=4&updtReqId=124879760
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ukf.sk
Trusted Zone: ukf.sk\e-prihlaska
Trusted Zone: ukf.sk\www.fotonavratka
Trusted Zone: ukf.sk
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Peter\Data aplikací\Mozilla\Firefox\Profiles\6evnj8t0.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 20:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-16 20:56:07
ComboFix-quarantined-files.txt 2010-08-16 18:56
ComboFix2.txt 2010-08-16 18:43
ComboFix3.txt 2010-08-14 21:21

Pre-Run: 9,643,978,752
Post-Run: 9,633,357,824

Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=,1,2,3
- - End Of File - - FD1E2F223C5390A8FFB0767C031FD1CC

[motji]

Firefox přeinstalujte.

[poldo77]

1)skusil som, aj odinstalovat a nainstalovat znovu nepomohlo, pise ze aplikacia je spustena a neodpoveda a ak chcem otvorit nove okno musim ukoncit povodny proces alebo reset pc

2) co ten trojsky kon je to uz v poho?

[motji]

Zkuste odinstalovat v nouzovém režimu.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[poldo77]

rychly scan nasiel nieco!!

log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4437

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16/08/2010 22:01:21
mbam-log-2010-08-16 (22-01-21).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 149965
Uplynulý èas: 5 min, 52 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registraèné k¾úèe: 0
Infikované registraèné hodnoty: 0
Infikované položky registraèných dát: 0
Infikované prieèinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registraèné k¾úèe:
(Škodlivé položky neboli zistené)

Infikované registraèné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registraèných dát:
(Škodlivé položky neboli zistené)

Infikované prieèinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Documents and Settings\Peter\Data aplikací\addon.dat (Malware.Trace) -> No action taken.


teraz som spustil uplny scan

[motji]

Pak dejte log z uplného skenu.

[poldo77]

A mame ich tu

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4437

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16/08/2010 22:31:21
mbam-log-2010-08-16 (22-31-21).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 197038
Uplynulý èas: 26 min, 10 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registraèné k¾úèe: 0
Infikované registraèné hodnoty: 0
Infikované položky registraèných dát: 0
Infikované prieèinky: 0
Infikované súbory: 6

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registraèné k¾úèe:
(Škodlivé položky neboli zistené)

Infikované registraèné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registraèných dát:
(Škodlivé položky neboli zistené)

Infikované prieèinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\System Volume Information\_restore{D68E5F82-5206-4004-812C-0531A35083B8}\RP112\A0037998.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{D68E5F82-5206-4004-812C-0531A35083B8}\RP112\A0038258.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{D68E5F82-5206-4004-812C-0531A35083B8}\RP112\A0038395.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{D68E5F82-5206-4004-812C-0531A35083B8}\RP114\A0038592.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{D68E5F82-5206-4004-812C-0531A35083B8}\RP114\A0038664.sys (Trojan.Agent.Gen) -> No action taken.
C:\Documents and Settings\Peter\Data aplikací\addon.dat (Malware.Trace) -> No action taken.

[motji]

Vše smažte.
Co ten firefox?

[poldo77]

az teraz som si vsimol ze az ked prejdem do nudzoveho rezimu tak mi da volbu prihlasit sa ako admin alebo ako uzivatel ale pri normalnom spusteni sa ma nic nepyta..je to OK?

V nudzovom rezime ako admin firefox ide...v com to moze byt?

[motji]

To je ok.
Přihlaste se v nouzovémm režimu pod svůj učet, odinstalujte firefox, pročištěte CCleanerem registry a nainstalujte ho znovu.

[poldo77]

nepomohlo, aj ked som sa potom prihlasil ako admin znovu odinstaloval nainstalova ccleaner a nic, v nudzovom ako admin to ide ale inak nie,
na helpdesk firefox maju navod ako presne tuto chybu odstranit mam vyhladat jeden sobor a ten zmazat ale mne ten subor nenajde
co by som mal skusit dalej?

[poldo77]

Toto by mal byt navod ale xpicleanup.dat mi nenajde

Windows XP
Click on the Start button and select Search to open the Search Results window.
On the left side of the Search Results window, click on the All files and folders link.
Click to expand the More advanced options list.
Put a check mark next to Search system folders, Search hidden files and folders, and Search subfolders.
In the All or part of the file name field, type xpicleanup.dat.
Click Search to begin the search.
If any results are returned, delete them.
Restart Firefox.

[poldo77]

http://support.mozilla.com/en-US/kb/Fir ... _not_close

toto by mal byt link na moj problem ale nepisu ako ho vyriesit.....

[poldo77]

tak som to skusil s chkdsk/f a pozrime...ono uz ide ...no parada

[motji]

Ted to vypadá s počítačem jak?