
Malware in the PC - log check

Posted: 31 Dec 2012 16:30
by PCmaniac99
Hi, please check my log. I most likely have some malware in my PC that is blocking Norton from working properly and is slowing down the whole system.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-12-31 16:25:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (31%) free of 40 GB
Total RAM: 2047 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:25:43, on 31.12.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Programy\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 4416 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1580436667-854245398-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1580436667-854245398-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL [2012-06-21 210400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-25 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-25 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-05 98304]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"PWRISOVM.EXE"=D:\Programy\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-04-06 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"D:\Programy\Utorrent\uTorrent.exe"="D:\Programy\Utorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Red Sky\DownTango\DownTango.exe"="C:\Program Files\Red Sky\DownTango\DownTango.exe:*:Enabled:DownTango application"
"C:\Program Files\Red Sky\DownTango\pyload-dist\pyLoadCore.exe"="C:\Program Files\Red Sky\DownTango\pyload-dist\pyLoadCore.exe:*:Enabled:pyLoadCore application"
"D:\Hry\Half Life 2\hl2\hl2.exe"="D:\Hry\Half Life 2\hl2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Disabled:Opera Internet Browser - Plugin wrapper"
"C:\Counter-Strike 2D\Counter-Strike 2D\CounterStrike2D.exe"="C:\Counter-Strike 2D\Counter-Strike 2D\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"VIDC.MKVC"=KMVIDC32.DLL
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-12-31 16:25:36 ----D---- C:\Program Files\trend micro
2012-12-31 16:25:35 ----D---- C:\rsit
2012-12-31 16:24:45 ----A---- C:\RSIT.exe
2012-12-31 16:22:25 ----D---- C:\WINDOWS\CSC
2012-12-31 16:18:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2012-12-31 16:18:27 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2012-12-31 16:18:26 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2012-12-31 16:18:02 ----A---- C:\WINDOWS\ntbtlog.txt
2012-12-31 11:31:59 ----D---- C:\WINDOWS\system32\CatRoot_bak
2012-12-29 15:01:00 ----A---- C:\WINDOWS\EF2.INI
2012-12-29 13:51:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2012-12-29 13:51:27 ----D---- C:\Program Files\Common Files\Apple
2012-12-29 13:51:05 ----D---- C:\Program Files\Apple Software Update
2012-12-29 13:51:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2012-12-29 10:16:51 ----RA---- C:\WINDOWS\system32\drivers\SymIM.sys
2012-12-29 09:18:04 ----D---- C:\Program Files\Opera
2012-12-13 20:51:49 ----A---- C:\WINDOWS\system32\systeminfo.dll
2012-12-13 20:45:28 ----A---- C:\WINDOWS\system32\psisdecd.dll
2012-12-13 20:45:28 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-12-13 20:45:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD X Studios
2012-12-08 11:58:21 ----D---- C:\Program Files\Mozilla Firefox
2012-12-05 20:47:23 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2012-12-05 20:47:03 ----D---- C:\WINDOWS\system32\cs-CZ
2012-12-05 20:44:24 ----D---- C:\Program Files\MSBuild
2012-12-05 20:44:17 ----D---- C:\WINDOWS\system32\XPSViewer
2012-12-05 20:44:11 ----D---- C:\WINDOWS\system32\en-us
2012-12-05 20:44:10 ----D---- C:\Program Files\Reference Assemblies
2012-12-05 20:43:18 ----N---- C:\WINDOWS\system32\spmsg2.dll
2012-12-05 20:39:24 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2012-12-05 20:39:15 ----D---- C:\Program Files\MSXML 6.0
2012-12-05 20:29:15 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2012-12-05 19:41:29 ----D---- C:\Program Files\Windows Installer Clean Up
2012-12-05 19:41:13 ----D---- C:\Program Files\MSECACHE
2012-12-05 19:25:15 ----D---- C:\Program Files\CCleaner
2012-12-05 19:22:48 ----D---- C:\WINDOWS\SxsCaPendDel
2012-12-04 16:31:59 ----D---- C:\Program Files\Microsoft XNA
2012-12-03 18:28:24 ----D---- C:\League of legends

======List of files/folders modified in the last 1 month======

2012-12-31 16:25:36 ----RD---- C:\Program Files
2012-12-31 16:22:25 ----D---- C:\WINDOWS
2012-12-31 16:18:25 ----D---- C:\Documents and Settings
2012-12-31 15:44:40 ----D---- C:\WINDOWS\Prefetch
2012-12-31 15:03:23 ----D---- C:\WINDOWS\Temp
2012-12-31 14:02:09 ----HD---- C:\WINDOWS\inf
2012-12-31 14:02:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-31 14:01:27 ----D---- C:\WINDOWS\system32\CatRoot
2012-12-31 12:40:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-12-31 12:13:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-31 11:31:59 ----D---- C:\WINDOWS\system32
2012-12-31 11:31:56 ----D---- C:\WINDOWS\Debug
2012-12-31 11:03:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-31 11:03:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-12-31 11:03:27 ----D---- C:\WINDOWS\SoftwareDistribution
2012-12-31 10:53:42 ----SHD---- C:\System Volume Information
2012-12-30 17:18:49 ----D---- C:\Program Files\The KMPlayer
2012-12-30 17:18:21 ----D---- C:\WINDOWS\system32\config
2012-12-29 13:52:13 ----SHD---- C:\WINDOWS\Installer
2012-12-29 13:51:36 ----D---- C:\WINDOWS\WinSxS
2012-12-29 13:51:27 ----D---- C:\Program Files\Common Files
2012-12-29 13:51:09 ----SD---- C:\WINDOWS\Tasks
2012-12-29 10:49:56 ----HD---- C:\Program Files\InstallShield Installation Information
2012-12-29 10:49:45 ----D---- C:\Program Files\worms2
2012-12-29 10:47:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
2012-12-29 10:43:56 ----RSD---- C:\WINDOWS\assembly
2012-12-29 10:42:06 ----D---- C:\Program Files\Cheat Engine
2012-12-29 10:16:51 ----D---- C:\WINDOWS\system32\drivers
2012-12-29 09:56:27 ----D---- C:\WINDOWS\Logs
2012-12-29 09:25:00 ----D---- C:\WINDOWS\Help
2012-12-24 20:01:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-12-24 20:00:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-12-22 09:22:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2012-12-20 13:07:18 ----D---- C:\WINDOWS\system32\DirectX
2012-12-20 10:14:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2012-12-19 20:13:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-13 08:24:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-08 15:48:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-12-05 21:44:00 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-05 20:46:41 ----D---- C:\WINDOWS\system32\mui
2012-12-05 20:44:21 ----RSD---- C:\WINDOWS\Fonts
2012-12-05 20:43:35 ----D---- C:\WINDOWS\system32\spool
2012-12-05 20:41:26 ----D---- C:\Program Files\Internet Explorer
2012-12-05 20:41:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-05 20:41:14 ----D---- C:\WINDOWS\PCHealth
2012-12-01 11:20:53 ----N---- C:\WINDOWS\Setup1.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sisagp;SiS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-07-04 477240]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS [2012-03-29 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS [2012-05-22 924320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-08-21 242240]
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R3 hidusb;HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;HID Mouse Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2012-03-29 44024]
R3 usbuhci;Microsoft USB Universal Host Controller Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
S1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys []
S1 ccSet_N360;Norton 360 Settings Manager; C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys [2012-06-07 132768]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
S1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS [2012-07-06 32928]
S1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS [2012-03-29 149624]
S1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS [2012-03-29 388216]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-04-06 7746048]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-12-12 784832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121230.001\IDSxpx86.sys []
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121230.018\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121230.018\NAVEX15.SYS []
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS [2012-07-06 574112]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2012-03-29 44024]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-04-06 647168]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-26 116648]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-24 161768]
S2 N360;Norton 360; C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2012-06-30 126976]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-26 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-08 115168]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
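The logs in this thread are what a removal helper reads by hand, and the points worth catching are scattered over several hundred lines: the ComboFix header posted later in the thread reports Norton 360 as *Disabled*, the firewall policy dump shows "EnableFirewall"= 0 with a Security Center "FirewallOverride", a port is globally opened, one O23 service is listed with an unknown owner, several drivers appear with no file metadata ([]), and a systeminfo.dll was created directly under system32 in the last month (ComboFix later removes it). As an added example that is not part of the original thread and not output of any tool used in it, the Python script below does that first-pass triage mechanically over HijackThis/RSIT/ComboFix-style text. The sample text is constructed from lines excerpted from the logs posted here; the rule set, the severity labels and the `triage`/`summary` helpers are my own assumptions about what to flag, and a flag marks a line for manual review rather than declaring it malicious.

```python
"""Triage of HijackThis/RSIT/ComboFix-style text logs (added example).

Flags the things a removal helper looks at first: security products reported
disabled, the Windows Firewall policy switched off, globally opened ports,
services with an unknown vendor, drivers/services listed with no file
metadata, and new binaries dropped directly under system32.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"  (severity scale is an assumption)
    rule: str
    line: str


# Line-level rules; each applies to any line of the log regardless of section.
RULES = [
    ("high", "security product disabled",
     re.compile(r"^(?:AV|FW):.*\*Disabled", re.I)),               # ComboFix header
    ("high", "windows firewall policy off",
     re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I)),              # sharedaccess policy
    ("high", "security center firewall override",
     re.compile(r'"FirewallOverride"\s*=\s*dword:0*1$', re.I)),
    ("medium", "globally open firewall port",
     re.compile(r'^"\d+:(?:TCP|UDP)"\s*=', re.I)),
    ("medium", "service with unknown owner",
     re.compile(r"^O23 - Service: .* - Unknown owner - ", re.I)),   # HijackThis O23
    ("medium", "driver/service without file metadata",
     re.compile(r"^[RS]\d .*\[\]$")),                               # RSIT driver list
    ("info", "scanned in safe mode",
     re.compile(r"^Boot mode: Safe mode", re.I)),
]

# RSIT "files created" entry: date, time, attribute flags, full path of a
# dll/exe/sys placed directly under system32.
CREATED_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -{4}[A-Z]*-{4} "
    r"(C:\\WINDOWS\\system32\\[^\\]+\.(?:dll|exe|sys))$", re.I)


def triage(log_text: str) -> list:
    """Return one Finding per (line, rule) match, in log order."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):          # RSIT section header
            section = line.strip("=").lower()
            continue
        for severity, rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(severity, rule, line))
        # Only the "files created in the last month" section is time-bounded,
        # so only entries there are treated as recent drops into system32.
        if "created" in section and CREATED_ENTRY.match(line):
            findings.append(Finding("medium", "new binary under system32", line))
    return findings


def summary(findings) -> dict:
    """Count findings by severity, e.g. {'high': 4, 'medium': 6, 'info': 1}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample: lines excerpted from the RSIT/HijackThis and ComboFix
# logs posted in this thread, joined into one text for the demonstration.
SAMPLE_LOG = r"""
Boot mode: Safe mode with network support
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
======List of files/folders created in the last 1 month======
2012-12-13 20:51:49 ----A---- C:\WINDOWS\system32\systeminfo.dll
2012-12-13 20:45:28 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-12-05 20:47:03 ----D---- C:\WINDOWS\system32\cs-CZ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-07-04 477240]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"56154:TCP"= 56154:TCP:Pando Media Booster
"56154:UDP"= 56154:UDP:Pando Media Booster
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it directly to print the findings for the sample, or pass a whole pasted log to triage() for a real case. Legitimate software trips these rules as well: Norton's own definition drivers are listed with [] in the RSIT driver list above, and gdiplus.dll was created in the same minute as the DVD X Studios folder, so the output is a review list for the helper, not a verdict.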

Re: Malware in the PC - log check

Posted: 31 Dec 2012 16:40
by Rudy
Hello!
First run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Malware in the PC - log check

Posted: 31 Dec 2012 17:00
by PCmaniac99
MBAM found nothing; I used the quick scan.
EDIT: MBAM reports that it has gone 17 days without an update, but the update doesn't work. In general my internet only works in Mozilla, not in other browsers.
Malwarebytes Anti-Malware (Trial version of Malwarebytes Anti-Malware.) 1.70.0.1100
http://www.malwarebytes.org

Version: v2012.12.14.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Filip :: FILIPUV [administrator]

Protection: Enabled

31.12.2012 16:50:51
mbam-log-2012-12-31 (16-50-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209018
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Malware in the PC - log check

Posted: 31 Dec 2012 17:26
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the license terms appears; continue by clicking the Yes button

relax and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else

during the scan do not panic, your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it entirely for the duration of the scan, because the scan and removal of any malware causes unwanted collisions with the resident antispyware

Re: Malware in the PC - log check

Posted: 31 Dec 2012 17:59
by PCmaniac99
ComboFix 12-12-31.01 - Filip 31.12.2012 17:35:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1255 [GMT 1:00]
Running from: c:\documents and settings\Filip\Dokumenty\Stažené soubory\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Filip\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\systeminfo.dll
c:\windows\wininit.ini
.
c:\windows\system32\drivers\i8042prt.sys was missing.
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-28 to 2012-12-31   )))))))))))))))))))))))))))))))
.
.
2012-12-31 16:46 . 2004-08-17 13:44 52352 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-12-31 16:46 . 2004-08-17 13:44 52352 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-12-31 15:44 . 2012-12-31 15:44 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Malwarebytes
2012-12-31 15:43 . 2012-12-31 15:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-31 15:43 . 2012-12-31 15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-31 15:43 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 15:25 . 2012-12-31 15:25 -------- d-----w- c:\program files\trend micro
2012-12-31 15:25 . 2012-12-31 15:25 -------- d-----w- C:\rsit
2012-12-31 15:24 . 2012-12-31 15:24 781383 ----a-w- C:\RSIT.exe
2012-12-31 15:18 . 2012-12-31 15:18 -------- d-----w- c:\documents and settings\Administrator
2012-12-31 10:31 . 2012-12-31 10:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-12-29 12:52 . 2012-12-29 12:52 -------- d-----w- c:\documents and settings\Filip\Local Settings\Data aplikací\Apple Computer
2012-12-29 12:52 . 2012-12-29 12:52 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Apple Computer
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\program files\Common Files\Apple
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\Filip\Local Settings\Data aplikací\Apple
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\program files\Apple Software Update
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2012-12-29 09:41 . 2012-12-29 09:41 1110 ----a-w- C:\cc_20121229_104140.reg
2012-12-29 09:16 . 2012-03-29 06:28 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-12-29 08:18 . 2012-12-29 08:18 -------- d-----w- c:\program files\Opera
2012-12-13 19:45 . 2012-08-29 08:39 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-13 19:45 . 2004-08-17 14:49 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2012-12-13 19:45 . 2004-08-17 14:49 33280 ----a-w- c:\windows\system32\psisrndr.ax
2012-12-13 19:45 . 2004-08-17 14:49 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-12-13 19:45 . 2004-08-17 14:49 363520 ----a-w- c:\windows\system32\psisdecd.dll
2012-12-13 19:45 . 2012-12-13 19:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVD X Studios
2012-12-11 16:34 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-12-06 15:09 . 2012-12-06 15:09 -------- d-----w- c:\documents and settings\Filip\Data aplikací\LolClient
2012-12-05 19:47 . 2012-12-05 19:47 -------- d-----w- c:\windows\system32\cs-CZ
2012-12-05 19:44 . 2012-12-05 19:44 -------- d-----w- c:\program files\MSBuild
2012-12-05 19:44 . 2012-12-05 19:47 -------- d-----w- c:\windows\system32\XPSViewer
2012-12-05 19:44 . 2012-12-05 19:44 -------- d-----w- c:\program files\Reference Assemblies
2012-12-05 19:43 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-12-05 19:43 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-12-05 19:39 . 2012-12-05 19:39 -------- d-----w- c:\program files\MSXML 6.0
2012-12-05 18:41 . 2012-12-05 18:41 3584 ----a-r- c:\documents and settings\Filip\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-12-05 18:41 . 2012-12-05 18:41 -------- d-----w- c:\program files\Windows Installer Clean Up
2012-12-05 18:41 . 2012-12-05 18:41 -------- d-----w- c:\program files\MSECACHE
2012-12-05 18:25 . 2012-12-05 18:25 -------- d-----w- c:\program files\CCleaner
2012-12-05 18:22 . 2012-12-05 18:30 -------- d-----w- c:\windows\SxsCaPendDel
2012-12-04 15:31 . 2012-12-04 15:31 -------- d-----w- c:\program files\Microsoft XNA
2012-12-03 17:28 . 2012-12-03 17:28 -------- d-----w- C:\League of legends
2012-12-03 17:24 . 2012-12-03 17:24 -------- d-----w- c:\documents and settings\Filip\.swt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 07:24 . 2012-06-25 20:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 07:24 . 2012-06-25 20:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-01 10:20 . 2012-07-04 15:51 286720 ------w- c:\windows\Setup1.exe
2012-10-13 18:04 . 2012-10-03 16:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
2008-09-25 19:39 . 2012-10-26 13:01 3708988 ----a-w- c:\program files\CheatEngine54.exe
2012-12-08 10:59 . 2012-12-08 10:58 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-06-27 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 98304]
"PWRISOVM.EXE"="d:\programy\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"d:\\Programy\\Utorrent\\uTorrent.exe"=
"c:\\Program Files\\Red Sky\\DownTango\\DownTango.exe"=
"c:\\Program Files\\Red Sky\\DownTango\\pyload-dist\\pyLoadCore.exe"=
"d:\\Hry\\Half Life 2\\hl2\\hl2.exe"=
"c:\\Counter-Strike 2D\\Counter-Strike 2D\\CounterStrike2D.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Filip\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56154:TCP"= 56154:TCP:Pando Media Booster
"56154:UDP"= 56154:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
.
R?2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [21.7.2012 19:30 625816]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [3.10.2012 14:13 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [3.10.2012 14:13 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [3.12.2012 17:48 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [3.10.2012 14:13 132768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [21.8.2012 11:26 242240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [3.10.2012 14:13 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31.12.2012 16:43 682344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [3.10.2012 14:11 138272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.12.2012 8:25 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121230.001\IDSXpx86.sys [30.12.2012 23:48 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31.12.2012 16:43 21104]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 07:32]
.
2012-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-26 19:58]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-26 19:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://humlak.cz/
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\8rv54erd.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 17:51
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1248)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\RunDll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-31 17:56:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-31 16:56
.
Před spuštěním: Volných bajtů: 12 930 654 208
Po spuštění: Volných bajtů: 12 905 717 760
.
- - End Of File - - AD2230C20DD1ECC76CB94C1A82E6B049

Re: pests in PC - log check

Posted: 31 Dec 2012 18:14
by Rudy
We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56154:TCP"=-
"56154:UDP"=-

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.

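Rudy's CFScript removes the two globally open firewall ports with the `"name"=-` syntax. As an added example that is not part of this thread or of ComboFix itself, here is a Python helper that parses the firewall-policy block of a ComboFix log, lists the weak settings a helper checks (firewall disabled, Security Center override, ICMP redirects, open ports) and emits the Registry:: section that closes the ports; the log excerpt is constructed from the entries posted above.

```python
"""Added example, not part of the forum thread or of ComboFix.

Parses the REGEDIT4-style firewall-policy block of a ComboFix log, flags the
weak settings a log helper looks for, and generates the Registry:: section of
a CFScript that deletes every globally open port using the "name"=- syntax.
"""
import re

# Constructed excerpt modelled on the log in the thread (only the relevant keys).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"56154:TCP"= 56154:TCP:Pando Media Booster
"56154:UDP"= 56154:UDP:Pando Media Booster
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\IcmpSettings]
"AllowRedirect"= 1 (0x1)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKLM\...] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"= raw value


def parse_registry_section(text):
    """Return {key_path: {value_name: raw_value}} for a REGEDIT4-style dump."""
    result = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2).strip()
    return result


def firewall_findings(reg):
    """Defender's checklist: the firewall weaknesses visible in the dump."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith("security center") and values.get("FirewallOverride", "").endswith("1"):
            findings.append("Security Center firewall warning suppressed (FirewallOverride=1)")
        if k.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall", "").startswith("0"):
            findings.append("Windows Firewall disabled in standard profile (EnableFirewall=0)")
        if k.endswith("icmpsettings") and values.get("AllowRedirect", "").startswith("1"):
            findings.append("ICMP redirects accepted (AllowRedirect=1)")
        if k.endswith("globallyopenports\\list"):
            for name, raw in values.items():
                findings.append(f"Globally open port {name}: {raw}")
    return findings


def cfscript_close_ports(reg):
    """Build the Registry:: block deleting each globally open port ("name"=-)."""
    lines = []
    for key, values in reg.items():
        if key.lower().endswith("globallyopenports\\list") and values:
            lines.append(f"[{key}]")
            lines.extend(f'"{name}"=-' for name in values)
    return "Registry::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    reg = parse_registry_section(SAMPLE_LOG)
    for finding in firewall_findings(reg):
        print("-", finding)
    print(cfscript_close_ports(reg))
```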

Re: pests in PC - log check

Posted: 31 Dec 2012 18:53
by PCmaniac99
ComboFix 12-12-31.01 - Administrator 31.12.2012 18:35:02.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1681 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\cfscript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 16:46 . 2004-08-17 13:44 52352 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-12-31 16:46 . 2004-08-17 13:44 52352 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-12-31 15:44 . 2012-12-31 15:44 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Malwarebytes
2012-12-31 15:43 . 2012-12-31 15:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-31 15:43 . 2012-12-31 15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-31 15:43 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 15:25 . 2012-12-31 15:25 -------- d-----w- c:\program files\trend micro
2012-12-31 15:25 . 2012-12-31 15:25 -------- d-----w- C:\rsit
2012-12-31 15:24 . 2012-12-31 15:24 781383 ----a-w- C:\RSIT.exe
2012-12-31 15:18 . 2012-12-31 15:18 -------- d-----w- c:\documents and settings\Administrator
2012-12-31 10:31 . 2012-12-31 10:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-12-29 12:52 . 2012-12-29 12:52 -------- d-----w- c:\documents and settings\Filip\Local Settings\Data aplikací\Apple Computer
2012-12-29 12:52 . 2012-12-29 12:52 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Apple Computer
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\program files\Common Files\Apple
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\Filip\Local Settings\Data aplikací\Apple
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\program files\Apple Software Update
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2012-12-29 09:41 . 2012-12-29 09:41 1110 ----a-w- C:\cc_20121229_104140.reg
2012-12-29 09:16 . 2012-03-29 06:28 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-12-29 08:18 . 2012-12-29 08:18 -------- d-----w- c:\program files\Opera
2012-12-13 19:45 . 2012-08-29 08:39 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-13 19:45 . 2004-08-17 14:49 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2012-12-13 19:45 . 2004-08-17 14:49 33280 ----a-w- c:\windows\system32\psisrndr.ax
2012-12-13 19:45 . 2004-08-17 14:49 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-12-13 19:45 . 2004-08-17 14:49 363520 ----a-w- c:\windows\system32\psisdecd.dll
2012-12-13 19:45 . 2012-12-13 19:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVD X Studios
2012-12-11 16:34 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-12-06 15:09 . 2012-12-06 15:09 -------- d-----w- c:\documents and settings\Filip\Data aplikací\LolClient
2012-12-05 19:47 . 2012-12-05 19:47 -------- d-----w- c:\windows\system32\cs-CZ
2012-12-05 19:44 . 2012-12-05 19:44 -------- d-----w- c:\program files\MSBuild
2012-12-05 19:44 . 2012-12-05 19:47 -------- d-----w- c:\windows\system32\XPSViewer
2012-12-05 19:44 . 2012-12-05 19:44 -------- d-----w- c:\program files\Reference Assemblies
2012-12-05 19:43 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-12-05 19:43 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-12-05 19:39 . 2012-12-05 19:39 -------- d-----w- c:\program files\MSXML 6.0
2012-12-05 18:41 . 2012-12-05 18:41 3584 ----a-r- c:\documents and settings\Filip\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-12-05 18:41 . 2012-12-05 18:41 -------- d-----w- c:\program files\Windows Installer Clean Up
2012-12-05 18:41 . 2012-12-05 18:41 -------- d-----w- c:\program files\MSECACHE
2012-12-05 18:25 . 2012-12-05 18:25 -------- d-----w- c:\program files\CCleaner
2012-12-05 18:22 . 2012-12-05 18:30 -------- d-----w- c:\windows\SxsCaPendDel
2012-12-04 15:31 . 2012-12-04 15:31 -------- d-----w- c:\program files\Microsoft XNA
2012-12-03 17:28 . 2012-12-03 17:28 -------- d-----w- C:\League of legends
2012-12-03 17:24 . 2012-12-03 17:24 -------- d-----w- c:\documents and settings\Filip\.swt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 07:24 . 2012-06-25 20:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 07:24 . 2012-06-25 20:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-01 10:20 . 2012-07-04 15:51 286720 ------w- c:\windows\Setup1.exe
2012-10-13 18:04 . 2012-10-03 16:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
2008-09-25 19:39 . 2012-10-26 13:01 3708988 ----a-w- c:\program files\CheatEngine54.exe
2012-12-08 10:59 . 2012-12-08 10:58 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-06-27 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 98304]
"PWRISOVM.EXE"="d:\programy\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"d:\\Programy\\Utorrent\\uTorrent.exe"=
"c:\\Program Files\\Red Sky\\DownTango\\DownTango.exe"=
"c:\\Program Files\\Red Sky\\DownTango\\pyload-dist\\pyLoadCore.exe"=
"d:\\Hry\\Half Life 2\\hl2\\hl2.exe"=
"c:\\Counter-Strike 2D\\Counter-Strike 2D\\CounterStrike2D.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Filip\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [3.10.2012 14:13 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [3.10.2012 14:13 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [3.12.2012 17:48 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [3.10.2012 14:13 132768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [21.8.2012 11:26 242240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [3.10.2012 14:13 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31.12.2012 16:43 682344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [3.10.2012 14:11 138272]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [21.7.2012 19:30 625816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.12.2012 8:25 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121230.001\IDSXpx86.sys [30.12.2012 23:48 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31.12.2012 16:43 21104]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 07:32]
.
2012-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-26 19:58]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-26 19:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://humlak.cz/
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\xnf9i46n.default\
FF - ExtSQL: 2012-12-30 23:52; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn
FF - ExtSQL: 2012-12-31 17:49; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 18:43
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2408)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\UAService7.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-12-31 18:48:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-31 17:48
ComboFix2.txt 2012-12-31 16:56
.
Před spuštěním: Volných bajtů: 12 868 050 944
Po spuštění: Volných bajtů: 12 860 006 400
.
- - End Of File - - 5DCA2EEFA549FA8FADD2F37BCDC66FD6

Re: pests in PC - log check

Posted: 31 Dec 2012 19:34
by Rudy
The log already looks clean. Has anything changed?

Re: pests in PC - log check

Posted: 01 Jan 2013 08:03
by PCmaniac99
There was still no change, so I uninstalled Norton, which I could neither update nor enable the firewall in, and it could not be reinstalled either; I got around this by downloading a fresh Norton on another PC, and that one I managed to get working. After that Malwarebytes could be updated as well, and it turned up the following, and the PC slowdown disappeared:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2012.12.31.10

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Filip :: FILIPUV [administrátor]

Ochrana: Povolena

1.1.2013 0:45:12
mbam-log-2013-01-01 (00-45-12).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 366812
Uplynulý čas: 2 hodin, 16 minut,

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\System Volume Information\_restore{B23E2CCC-4C0D-42B9-9E6B-0155D313CAC1}\RP67\A0104497.exe (RiskWare.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
D:\Hry\Project Snowblind\mint-pst.exe (Malware.Gen) -> Přesun do karantény a smazání se zdařilo.

(konec)

Re: pests in PC - log check

Posted: 01 Jan 2013 11:55
by Rudy
MBAM deleted everything it found. So is everything all right now?

Re: pests in PC - log check

Posted: 01 Jan 2013 13:08
by PCmaniac99
I believe it's fine. Thanks.

Re: pests in PC - log check

Posted: 01 Jan 2013 13:14
by Rudy
You're welcome!

Happy New Year 2013 :)