VIRY.CZ

Dobry den,

z nicoho nic mi od dnesneho rana zacal blbnut na mojom PC internet. Asi 10 minut po zapnuti internetu internet ide, potom proste prestane ist a musim restartovat cely router, aby znova na ~10 minut isiel. Zaujimavy je aj fakt, ze v dobe, ked mi ten internet nejde, sa uplne normalne dostanem do konfiguracie routra (192.168.1.1), kde nie su nahlasene ziadne problemy a WAN je connected. Kontrolka na routri pre moj PC takisto svieti, akokeby ziadne problemy neboli. Mam ADSL internet a router Vigor2700 Series. Do routra mam pripojene dalsie 2 PC, na ktorych internet normalne funguje, aj v tu dobu, ked na tomto PC nie. LAN funguje bez problemov, pocitace sa navzajom pingaju. Problem teda asi bude v tomto PC ..

Ako som hovoril, zacalo to robit az od dnesneho rana. Nic dolezite za poslednu dobu som v systeme (Windows XP, 32 bit, SP3) nemenil, nic nestahoval. Kable som skusat zmenit, nepomohlo.


Zbezne som ho preletel sam kusok toho RSIT logu a nepacia sa mi tieto riadky :
C:\Program Files\Bonjour\mDNSResponder.exe - neviem, co to je zac, mam to v PC uz ale dlho.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR - ako start page som urcite nikdy umyselne nenastavoval ziadny bing.com

RSIT log :
Logfile of random's system information tool 1.08 (written by random/random)
Run by heRoo at 2011-01-07 11:48:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 759 MB (8%) free of 10 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:25, on 7.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
D:\Hry\cs\steamapps\heroo16\counter-strike\cstrike\RSIT.exe
C:\Program Files\trend micro\heRoo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4641 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\shutdown.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Programy\xampp\xampp\apache\bin\httpd.exe"="G:\Programy\xampp\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"G:\Programy\xampp\xampp\mysql\bin\mysqld.exe"="G:\Programy\xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"D:\Program Files\HLSW\hlsw.exe"="D:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"E:\Warcraft III\Warcraft III\war3.exe"="E:\Warcraft III\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"G:\QUarantine\CSdef\hl.exe"="G:\QUarantine\CSdef\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Games\dsadas\hltv.exe"="G:\Games\dsadas\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Programy\bitlord\BitLord.exe"="G:\Programy\bitlord\BitLord.exe:*:Enabled:BitLord"
"G:\Programy\Update Service\Update Service.exe"="G:\Programy\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Hry\cs\Steam.exe"="D:\Hry\cs\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe"="D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"G:\Games\dsadas\hl.exe"="G:\Games\dsadas\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Mineserver Project\Mineserver\mineserver.exe"="C:\Program Files\Mineserver Project\Mineserver\mineserver.exe:*:Enabled:mineserver"
"G:\Games\AoE2\age2_x1\age2_x1.exe"="G:\Games\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe"="G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-01-07 11:48:18 ----D---- C:\rsit
2011-01-07 11:48:18 ----D---- C:\Program Files\trend micro
2011-01-01 02:51:56 ----D---- C:\Program Files\Tournament Bracket Builder
2010-12-26 19:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2010-12-26 15:41:38 ----D---- C:\Program Files\ATI
2010-12-25 03:25:28 ----D---- C:\Program Files\HWiNFO32
2010-12-25 02:30:47 ----D---- C:\Documents and Settings\heRoo\Application Data\teamspeak2
2010-12-22 14:28:02 ----D---- C:\Program Files\ColorPic 4.1
2010-12-22 14:28:02 ----A---- C:\WINDOWS\ColorPic Uninstaller.exe
2010-12-20 17:22:42 ----D---- C:\Program Files\asd
2010-12-20 14:40:47 ----SHD---- C:\WINDOWS\CSC
2010-12-20 14:40:41 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-12 01:23:10 ----D---- C:\Program Files\Tunatic
2010-12-09 23:22:58 ----D---- C:\Documents and Settings\heRoo\Application Data\PandoraRecovery
2010-12-09 23:22:56 ----D---- C:\Program Files\Pandora Recovery

======List of files/folders modified in the last 1 months======

2011-01-07 11:48:25 ----D---- C:\WINDOWS\Prefetch
2011-01-07 11:48:18 ----RD---- C:\Program Files
2011-01-07 11:47:31 ----D---- C:\WINDOWS\Internet Logs
2011-01-07 11:39:28 ----D---- C:\WINDOWS\system32
2011-01-07 11:39:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-07 11:36:51 ----D---- C:\WINDOWS\Temp
2011-01-07 11:34:58 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-07 03:16:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-07 02:38:18 ----D---- C:\Documents and Settings\heRoo\Application Data\HLSW
2011-01-07 02:00:28 ----RASH---- C:\boot.ini
2011-01-06 14:24:11 ----D---- C:\WINDOWS\system32\config
2011-01-06 04:22:42 ----D---- C:\Documents and Settings\heRoo\Application Data\mIRC
2011-01-06 01:18:47 ----D---- C:\Program Files\mIRC
2010-12-30 23:40:20 ----A---- C:\WINDOWS\win.ini
2010-12-26 19:33:55 ----D---- C:\WINDOWS
2010-12-26 15:43:33 ----SHD---- C:\WINDOWS\Installer
2010-12-26 15:42:25 ----D---- C:\WINDOWS\system32\drivers
2010-12-26 15:42:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-26 15:42:01 ----HD---- C:\WINDOWS\inf
2010-12-26 15:41:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-25 18:18:58 ----D---- C:\WINDOWS\Minidump
2010-12-22 01:24:19 ----RSD---- C:\WINDOWS\assembly
2010-12-22 01:24:18 ----D---- C:\WINDOWS\WinSxS
2010-12-20 17:24:47 ----D---- C:\WINDOWS\network diagnostic
2010-12-20 15:42:24 ----RSD---- C:\WINDOWS\Fonts
2010-12-17 16:36:47 ----D---- C:\Documents and Settings\heRoo\Application Data\.minecraft
2010-12-11 18:06:19 ----D---- C:\Program Files\CronForWindows
2010-12-11 11:40:41 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-17 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 gbridge;Gbridge Virtual Miniport; C:\WINDOWS\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2007-08-21 21760]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-08-22 27632]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 aemkgepx;aemkgepx; C:\WINDOWS\system32\drivers\aemkgepx.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\heRoo\LOCALS~1\Temp\AZREC.tmp []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-08-22 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-08-22 25512]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 se32;EnTech softEngine; C:\WINDOWS\system32\drivers\se32.sys [2007-05-03 12112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-21 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-22 654848]

-----------------EOF-----------------




Predom dakujem za odpoved.

Nevidím nic nebezpečného. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

po restarte PC uz dane vypadky neregistrujem, nahradili ich totiz mensie "vypadky", ktore su castejsie (tak raz za 5 sec) a internet pri nich uplne nespadne, iba nastane taky pol sekundovy lag. ak by som nemal zapnuty graf pripojenia, ani si ich asi nevsimnem. takisto ako pri prvom priznaku, ani toto sa mi nestava stale. naposledy mi to robilo vcera, asi pol hodinu a nasledne sa to ukludnilo. z ostatnych PC samozrejme ziadne problemy.

inak napada ma este jeden problem, ktory mam uz dlhsiu dobu a neviem ci s tymto suvisi - nemozem si nastavit zobrazovanie skrytych suborov. otvorim MyComputer -> Tools -> Folder Options -> View -> Show hidden folders and files, zakliknem to, no po stlaceni Apply a OK sa mi to nastavenie nejak neulozi a ked to menu znova otvorim, je to odkliknute.

ako pozeram, vacsina toho najdeneho svinstva je uz niekde zapotrosena v zalohe po X reinstaloch, takze by mala byt neskodna

tu je teda ten MBAM, nemazal som zatial nic:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5485

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9.1.2011 10:41:56
mbam-log-2011-01-09 (10-41-53).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 583006
Time elapsed: 2 hour(s), 16 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\heRoo\Desktop\[cheat-project.com] super simple wall v5.1 2008-08-16\sswv5.1.exe (Spyware.OnlineGames) -> No action taken.
d:\ghostone1.6.251\GHostOne\wardenbnls\.svn\text-base\bnls.exe.svn-base (Spyware.Passwords) -> No action taken.
d:\ghostone1.6.251\GHostOne\wardenbnls\.svn\text-base\wardenupdater.exe.svn-base (Spyware.Passwords) -> No action taken.
d:\astlog\astlog.exe (HackTool.Asterisk) -> No action taken.
d:\Hry\cs\steamapps\heroo16\counter-strike\cstrike\remote_administrator_control_v3.3\Patch\rac.server.3.3.1-patch-icu.exe (Trojan.Agent) -> No action taken.
g:\Games\diablo ii\diablo ii\tojejedno\diablo ii.exe (Trojan.Meredrop) -> No action taken.
g:\system volume information\_restore{fed7b150-9f56-4f19-ab4b-3dbc9ae6b3fd}\RP9\A0004261.exe (Trojan.Armin) -> No action taken.
g:\system volume information\_restore{fed7b150-9f56-4f19-ab4b-3dbc9ae6b3fd}\RP9\A0004266.exe (Trojan.Agent) -> No action taken.
g:\system volume information\_restore{fed7b150-9f56-4f19-ab4b-3dbc9ae6b3fd}\RP9\A0004271.exe (Trojan.Armin) -> No action taken.
g:\HDD\format\Ostatne\Format\D\Cheaty\bez textu\W Cheat\w_cheat_(2,2,0)\wcheat-2.2.0-public\wCheat\wcheat public.exe (Trojan.Armin) -> No action taken.
g:\HDD\format\Ostatne\Format\D\Cheaty\S textom\super simple esp v3.4\super simple esp v3.4\sse v3.4.exe (Spyware.OnlineGames) -> No action taken.
g:\HDD\format\Ostatne\Format\D\Cheaty\S textom\super simple wall 4.01\super simple wall 4.01\ss wall v4.01.exe (Spyware.OnlineGames) -> No action taken.
g:\HDD\format\Ostatne\Format\D\Cheaty\S textom\super simple wall v4.6\super simple wall v4.6\s s wall v4.6.exe (Spyware.OnlineGames) -> No action taken.
g:\HDD\format\Ostatne\Format\D\Cheaty\S textom\super simple wall v4.8\super simple wall v4.8\ssw4.8.exe (Spyware.OnlineGames) -> No action taken.
g:\HDD\format\Ostatne\Format\D\Cheaty\S textom\super simple wall v5.0\super simple wall v5.0\sswv5.0.exe (Spyware.OnlineGames) -> No action taken.
g:\HDD\program files\pspad editor\QIP\Users\473311756\rcvdfiles\449607703\Emo Tear\Emo Tear.exe (Application.ScreenSpy) -> No action taken.
g:\HDD\zaloha\re.exe (Trojan.Dropper) -> No action taken.
g:\HDD\zaloha\tourney_master_3_ultimate_3.5.0\tourney master 3 ultimate 3.5.0\tm3u.exe (RiskWare.Tool.CK) -> No action taken.
g:\pspad editor\QIP\Users\473311756\rcvdfiles\449607703\Emo Tear\Emo Tear.exe (Application.ScreenSpy) -> No action taken.
c:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> No action taken.

Všechny nalezené položky smažte.

vymazane, dakujem. ak by sa nahodou znova objavil ten problem, dam vediet.

Nemáte zač!