PC shuts down after 30 min
Posted: 26 Jun 2011 20:18
Hi,
my brother's PC shuts down after 30 min.
I tried to resolve it using an old topic right here, but I'd like to be sure that his PC is clean.
I ran Rkill, ... even so, it restarted after a while. Then I downloaded combofix and after the scan it's been fine so far, no restart.
I'm sending both logs:
Rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 26.06.2011 at 20:10:03.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\PROGRA~1\MICROS~2\rapimgr.exe
D:\programy\DAEMON Tools Lite\DTLite.exe
D:\programy\ICQ7\ICQ7.4\ICQ.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\!_stazeno\rkill.com
D:\programy\Avast5\defs\11062600\Sf.bin
Rkill completed on 26.06.2011 at 20:10:08.
Combofix:
ComboFix 11-06-26.01 - Lukas 26.06.2011 20:46:17.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1332 [GMT 2:00]
Spuštěný z: d:\!_stazeno\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lukas\WINDOWS
c:\windows\settings.reg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-26 do 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 12:45 . 2011-06-26 12:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2011-06-23 19:11 . 2011-06-23 19:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Solidshield
2011-06-14 23:03 . 1996-10-15 16:01 298496 ----a-w- c:\windows\uninst.exe
2011-06-12 22:21 . 2011-06-12 22:25 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\My Battle for Middle-earth Files
2011-05-29 10:07 . 2011-05-29 10:07 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Dyyno
2011-05-29 02:11 . 2011-05-29 02:11 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 21:11 . 2011-04-03 20:11 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-15 21:11 . 2011-04-03 20:16 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-15 21:11 . 2011-04-03 20:11 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 19:24 . 2011-05-25 19:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2010-07-28 23:28 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-07-28 23:28 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-05 13:05 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-07-28 23:29 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-07-28 23:29 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-07-28 23:29 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-07-28 23:29 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-07-28 23:29 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-07-28 23:29 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-07-28 23:29 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-03 20:11 . 2011-04-03 20:11 138056 ----a-w- c:\documents and settings\Lukas\Data aplikací\PnkBstrK.sys
2011-04-03 20:11 . 2011-04-03 20:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-05-30 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- d:\programy\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="d:\programy\steam\Steam.exe" [2010-12-22 1242448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Dyyno Launcher"="d:\programy\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-07-28 868352]
"P17Helper"="P17.dll" [2005-05-03 64512]
"StartCCC"="d:\programy\ATI\drivers\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Lukas\\Plocha\\Miranda IM\\Mir4nda-IM-0.7.1-Pack-v2.0\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"=
"d:\\games\\StarCraft II\\StarCraft II.exe"=
"d:\\games\\Anno 1404\\Anno4.exe"=
"d:\\games\\Anno 1404\\tools\\Anno4Web.exe"=
"d:\\games\\Anno 1404\\tools\\Benchmark.exe"=
"d:\\games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\games\\Battlefield 2\\BF2.exe"=
"d:\\games\\Counter-Strike\\hlds.exe"=
"d:\\games\\Counter-Strike\\hl.exe"=
"d:\\games\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"d:\\games\\Landwirtschafts Simulator 2011\\game.exe"=
"d:\\!_stazeno\\kknd_extreme\\kknd\\KKND.EXE"=
"d:\\programy\\steam\\Steam.exe"=
"d:\\programy\\steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\games\\League of Legends\\air\\LolClient.exe"=
"d:\\games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\games\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\programy\\ICQ7\\ICQ7.4\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\games\\Battlefield Play4Free\\BFP4f.exe"=
"d:\\programy\\steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\games\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"d:\\games\\Call of Duty - Black Ops\\BlackOps.exe"=
"d:\\games\\The Settlers II - 10th Anniversary\\bin\\s2dng_addon.exe"=
"d:\\games\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\games\\Stonghold Crusader\\Stronghold Crusader.exe"=
"d:\\programy\\Dyyno Broadcaster\\dgcsrv.exe"=
"d:\\programy\\Dyyno Broadcaster\\dppm_source.exe"=
"d:\\up\\_image_hry\\Crysis(R) 2\\bin32\\Crysis2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 13:27 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 15:05 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.7.2010 1:29 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.7.2010 1:29 19544]
R2 Dyyno Launcher;Dyyno Service;d:\programy\Dyyno Broadcaster\launcherd.exe [15.1.2011 4:20 415072]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programy\ICQ7\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\xuzbdc00.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: keyword.enabled - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - d:\programy\ICQ7\ICQ7.2\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-06-26 20:57:34
ComboFix-quarantined-files.txt 2011-06-26 18:57
.
Před spuštěním: 6 520 786 944
Po spuštění: 6 548 557 824
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4E065264882E4F934747CFDC30C543B1
Is everything ok? Thanks for your advice.