My brother's PC shuts down after 30 minutes.
I tried to solve it through an old topic right here, but I would like to be sure that the PC is clean.
I ran Rkill, ... but even so it restarted after a while. Then I loaded ComboFix, and after the scan it has been fine so far, no restart.
I am sending both logs:
Rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 26.06.2011 at 20:10:03.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\PROGRA~1\MICROS~2\rapimgr.exe
D:\programy\DAEMON Tools Lite\DTLite.exe
D:\programy\ICQ7\ICQ7.4\ICQ.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\!_stazeno\rkill.com
D:\programy\Avast5\defs\11062600\Sf.bin
Rkill completed on 26.06.2011 at 20:10:08.
Combofix:
ComboFix 11-06-26.01 - Lukas 26.06.2011 20:46:17.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1332 [GMT 2:00]
Spuštěný z: d:\!_stazeno\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lukas\WINDOWS
c:\windows\settings.reg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-26 do 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 12:45 . 2011-06-26 12:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2011-06-23 19:11 . 2011-06-23 19:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Solidshield
2011-06-14 23:03 . 1996-10-15 16:01 298496 ----a-w- c:\windows\uninst.exe
2011-06-12 22:21 . 2011-06-12 22:25 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\My Battle for Middle-earth Files
2011-05-29 10:07 . 2011-05-29 10:07 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Dyyno
2011-05-29 02:11 . 2011-05-29 02:11 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 21:11 . 2011-04-03 20:11 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-15 21:11 . 2011-04-03 20:16 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-15 21:11 . 2011-04-03 20:11 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 19:24 . 2011-05-25 19:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2010-07-28 23:28 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-07-28 23:28 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-05 13:05 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-07-28 23:29 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-07-28 23:29 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-07-28 23:29 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-07-28 23:29 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-07-28 23:29 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-07-28 23:29 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-07-28 23:29 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-03 20:11 . 2011-04-03 20:11 138056 ----a-w- c:\documents and settings\Lukas\Data aplikací\PnkBstrK.sys
2011-04-03 20:11 . 2011-04-03 20:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-05-30 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- d:\programy\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="d:\programy\steam\Steam.exe" [2010-12-22 1242448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Dyyno Launcher"="d:\programy\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-07-28 868352]
"P17Helper"="P17.dll" [2005-05-03 64512]
"StartCCC"="d:\programy\ATI\drivers\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Lukas\\Plocha\\Miranda IM\\Mir4nda-IM-0.7.1-Pack-v2.0\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"=
"d:\\games\\StarCraft II\\StarCraft II.exe"=
"d:\\games\\Anno 1404\\Anno4.exe"=
"d:\\games\\Anno 1404\\tools\\Anno4Web.exe"=
"d:\\games\\Anno 1404\\tools\\Benchmark.exe"=
"d:\\games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\games\\Battlefield 2\\BF2.exe"=
"d:\\games\\Counter-Strike\\hlds.exe"=
"d:\\games\\Counter-Strike\\hl.exe"=
"d:\\games\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"d:\\games\\Landwirtschafts Simulator 2011\\game.exe"=
"d:\\!_stazeno\\kknd_extreme\\kknd\\KKND.EXE"=
"d:\\programy\\steam\\Steam.exe"=
"d:\\programy\\steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\games\\League of Legends\\air\\LolClient.exe"=
"d:\\games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\games\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\programy\\ICQ7\\ICQ7.4\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\games\\Battlefield Play4Free\\BFP4f.exe"=
"d:\\programy\\steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\games\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"d:\\games\\Call of Duty - Black Ops\\BlackOps.exe"=
"d:\\games\\The Settlers II - 10th Anniversary\\bin\\s2dng_addon.exe"=
"d:\\games\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\games\\Stonghold Crusader\\Stronghold Crusader.exe"=
"d:\\programy\\Dyyno Broadcaster\\dgcsrv.exe"=
"d:\\programy\\Dyyno Broadcaster\\dppm_source.exe"=
"d:\\up\\_image_hry\\Crysis(R) 2\\bin32\\Crysis2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 13:27 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 15:05 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.7.2010 1:29 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.7.2010 1:29 19544]
R2 Dyyno Launcher;Dyyno Service;d:\programy\Dyyno Broadcaster\launcherd.exe [15.1.2011 4:20 415072]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programy\ICQ7\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\xuzbdc00.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: keyword.enabled - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - d:\programy\ICQ7\ICQ7.2\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-06-26 20:57:34
ComboFix-quarantined-files.txt 2011-06-26 18:57
.
Před spuštěním: 6 520 786 944
Po spuštění: 6 548 557 824
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4E065264882E4F934747CFDC30C543B1
Is everything OK? Thanks for your advice.