PC freezing and spontaneous restarts

Posted: 10 Jan 2011 18:10
by tom6878
Please help: when watching video in the Mozilla Firefox browser, the PC always freezes after 1 minute or even after a few seconds (accompanied by the sound getting stuck) and restarts on its own. Two days ago it still worked normally, but since yesterday exactly this keeps happening... I am attaching the log from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by TIBET at 2011-01-10 17:56:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (15%) free of 130 GB
Total RAM: 3327 MB (84% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-THC-TIBET.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-23 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-12-22 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\common\mafia ii\pc\Mafia2.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii\pc\Mafia2.exe:*:Enabled:Mafia II"
"C:\Hry\Age Of Empires 3\Age Of Empires 3\age3x.exe"="C:\Hry\Age Of Empires 3\Age Of Empires 3\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Hry\Age Of Empires 3\Age Of Empires 3\age3y.exe"="C:\Hry\Age Of Empires 3\Age Of Empires 3\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Downloads\Facemoods.exe"="C:\Downloads\Facemoods.exe:*:Enabled:Facemoods Installer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe"="C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe:*:Enabled:Grand Theft Auto IV - Episodes From Liberty City"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-01-10 17:56:04 ----D---- C:\Program Files\trend micro
2011-01-10 17:56:03 ----D---- C:\rsit
2010-12-27 22:37:58 ----D---- C:\Program Files\PoolShark2Saves
2010-12-27 22:29:15 ----D---- C:\Program Files\PoolShark2
2010-12-22 12:32:09 ----D---- C:\Documents and Settings\TIBET\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-22 12:25:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
2010-12-22 12:21:49 ----D---- C:\Program Files\Adobe Media Player
2010-12-22 12:20:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-12-15 22:38:05 ----D---- C:\Program Files\softendo.com

======List of files/folders modified in the last 1 months======

2011-01-10 17:56:13 ----D---- C:\WINDOWS\Prefetch
2011-01-10 17:56:04 ----RD---- C:\Program Files
2011-01-10 17:55:24 ----SHD---- C:\System Volume Information
2011-01-10 17:55:23 ----RD---- C:\Downloads
2011-01-10 17:44:19 ----D---- C:\WINDOWS\system32
2011-01-10 17:44:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-10 17:41:24 ----D---- C:\WINDOWS\Internet Logs
2011-01-10 17:40:47 ----D---- C:\WINDOWS\Temp
2011-01-10 16:35:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-10 14:12:25 ----D---- C:\WINDOWS
2011-01-09 22:02:38 ----D---- C:\Documents and Settings\TIBET\Data aplikací\uTorrent
2011-01-09 21:47:32 ----D---- C:\WINDOWS\system32\config
2011-01-09 15:58:59 ----D---- C:\Documents and Settings\TIBET\Data aplikací\ICQ
2011-01-09 14:23:59 ----D---- C:\Program Files\ICQ7.2
2011-01-05 22:35:27 ----RD---- C:\VYPALIT
2011-01-03 18:00:21 ----D---- C:\Documents and Settings\TIBET\Data aplikací\esmska
2010-12-29 16:14:30 ----D---- C:\Program Files\Mozilla Firefox
2010-12-28 21:22:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-28 21:21:48 ----SHD---- C:\WINDOWS\Installer
2010-12-28 21:21:47 ----HD---- C:\Config.Msi
2010-12-23 02:00:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-12-23 01:26:53 ----D---- C:\Documents and Settings\TIBET\Data aplikací\Adobe
2010-12-22 12:28:06 ----SD---- C:\WINDOWS\Tasks
2010-12-22 12:23:22 ----D---- C:\Program Files\Adobe
2010-12-22 12:22:55 ----D---- C:\Program Files\Common Files\Adobe
2010-12-22 12:22:33 ----RSD---- C:\WINDOWS\Fonts
2010-12-22 12:20:11 ----D---- C:\Program Files\Common Files
2010-12-22 12:18:44 ----D---- C:\WINDOWS\WinSxS
2010-12-22 11:14:17 ----SD---- C:\Documents and Settings\TIBET\Data aplikací\Microsoft
2010-12-22 11:14:16 ----D---- C:\WINDOWS\system32\wbem
2010-12-18 11:43:40 ----D---- C:\Program Files\Ford Racing 3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-02 717296]
R0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys [2008-11-17 51688]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-10-20 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-10-20 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-01-28 95232]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys []
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys []
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys []
S3 arpy9gbz;arpy9gbz; C:\WINDOWS\system32\drivers\arpy9gbz.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-23 153376]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-19 348344]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: PC freezing and spontaneous restarts

Posted: 10 Jan 2011 18:50
by Rudy
The log looks clean. Run an MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: PC freezing and spontaneous restarts

Posted: 10 Jan 2011 19:49
by tom6878
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5497

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10.1.2011 19:48:19
mbam-log-2011-01-10 (19-48-10).txt

Typ kontroly: Rychlý test
Testované objekty: 135599
Uplynulý čas: 2 minut, 17 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: PC freezing and spontaneous restarts

Posted: 10 Jan 2011 20:56
by Rudy
Delete the items that were found.

Re: PC freezing and spontaneous restarts

Posted: 10 Jan 2011 22:20
by tom6878
Deleted, but it happened again.

Re: PC freezing and spontaneous restarts

Posted: 10 Jan 2011 22:22
by Rudy
Install Speedfan: http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/ and check the temperatures of the components while the PC is running. Report the values you find.

Re: PC freezing and spontaneous restarts

Posted: 11 Jan 2011 19:29
by tom6878
I have Speedfan installed and I am watching it: it shows Temp1 / Temp2 / Temp3 / HDD / Core ...... temperatures without much load (browsing websites, Facebook, YouTube): Temp1 - 44-47 C / Temp2 - 40-43 C / Temp3 - 33 C / HDD - 37 C / Core - 33 C, and when playing video on other sites or when playing Mafia 2: Temp1 - 48-60 C / Temp2 - 39-43 C / Temp3 - 33 C / HDD - 37 C / Core - 37-48 C

Re: PC freezing and spontaneous restarts

Posted: 11 Jan 2011 19:36
by Rudy
The temperatures are OK. Try a System Restore to a date when the system was working correctly.

Re: PC freezing and spontaneous restarts

Posted: 12 Jan 2011 00:14
by tom6878
System Restore does not work! (???) A message always appears saying that the operation failed.

Re: PC freezing and spontaneous restarts

Posted: 12 Jan 2011 19:05
by Rudy
Post a ComboFix log, if possible.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the Yes (Ano) button.

calmly go and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident shield

Re: PC freezing and spontaneous restarts

Posted: 12 Jan 2011 20:43
by tom6878
ComboFix 11-01-11.03 - TIBET 12.01.2011 20:34:48.1.3 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2852 [GMT 1:00]
Spuštěný z: c:\documents and settings\TIBET\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1227 [VPS 110112-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\TIBET\Data aplikací\facemoods.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-12 do 2011-01-12 )))))))))))))))))))))))))))))))
.

2011-01-10 21:26 . 2011-01-12 17:30 -------- d-----w- c:\program files\SpeedFan
2011-01-10 17:57 . 2011-01-10 17:57 -------- d-----w- c:\documents and settings\TIBET\Data aplikací\Malwarebytes
2011-01-10 17:57 . 2011-01-10 17:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-10 17:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 17:57 . 2011-01-10 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 17:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 16:56 . 2011-01-10 16:56 -------- d-----w- c:\program files\trend micro
2011-01-10 16:56 . 2011-01-10 16:56 -------- d-----w- C:\rsit
2010-12-27 21:29 . 2010-12-27 21:31 -------- d-----w- c:\program files\PoolShark2
2010-12-22 11:32 . 2010-12-22 11:32 -------- d-----w- c:\documents and settings\TIBET\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-22 11:25 . 2010-12-22 11:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2010-12-22 11:21 . 2010-12-22 11:21 -------- d-----w- c:\program files\Adobe Media Player
2010-12-22 11:20 . 2010-12-22 11:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-15 21:38 . 2010-12-15 21:38 -------- d-----w- c:\program files\softendo.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 15:49 . 2010-11-09 12:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-09 16:53 . 2010-11-09 16:53 49152 ----a-r- c:\documents and settings\TIBET\Data aplikací\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-10-20 15:36 . 2010-10-20 15:36 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-10-20 15:36 . 2010-10-20 15:36 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-22 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Hry\\Age Of Empires 3\\Age Of Empires 3\\age3x.exe"=
"c:\\Hry\\Age Of Empires 3\\Age Of Empires 3\\age3y.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.10.2010 20:19 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.9.2010 19:10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.9.2010 19:10 20560]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys --> c:\windows\system32\drivers\wf88vcap.sys [?]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys --> c:\windows\system32\drivers\WF88XBAR.sys [?]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys --> c:\windows\system32\drivers\WF88TUNE.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [28.9.2010 23:59 9216]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-THC-TIBET.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-22 11:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TIBET\Data aplikací\Mozilla\Firefox\Profiles\i4iy5mft.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FF_5&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 20:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1454471165-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7a,de,c6,66,cd,28,51,65,1e,82,1f,a5,09,c5,d1,b4,b0,98,19,9b,36,40,97,
f5,b7,07,fb,65,6c,a8,13,01,9f,b4,75,c2,6c,4c,f3,d6,68,45,3e,ec,89,67,03,b5,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-1177238915-1454471165-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:15,7f,ed,ab,e8,5d,28,eb,d9,a6,72,73,55,0f,8d,6a,20,76,72,05,db,
fd,a0,27,71,17,46,ba,eb,2f,14,d5,d0,93,e9,3b,01,6c,a5,16,1a,1c,fb,1b,a1,f7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-12 20:37:49
ComboFix-quarantined-files.txt 2011-01-12 19:37

Před spuštěním: Volných bajtů: 20 876 525 568
Po spuštění: Volných bajtů: 20 838 694 912

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - BD4592E32982302AEF306B33DE94097A

Re: PC freezing and spontaneous restarts

Posted: 12 Jan 2011 20:52
by Rudy
1 infected item was deleted; the rest of the log looks clean. Has anything changed?

Re: PC freezing and spontaneous restarts

Posted: 13 Jan 2011 18:47
by tom6878
So far it looks good, so thank you for the help.

Re: PC freezing and spontaneous restarts

Posted: 13 Jan 2011 20:08
by Rudy
You're welcome!