Pomalé odhlasovanie systému

Zpráva

Kovas · #1 Příspěvek od **Kovas** » 16 led 2012 17:24

Prosím o pomoc. Na počítači známeho sa systém pomaly odhlasoval - nechcel vypnúť. Spustil scan cez AV (ESET). ten našiel 8 trójských koňov. dal ich do karantény. Ja som potom spustil znova scan a boli nájdené znova. Vypol som obnovu systému. Spustil som znova scan cez AV.
Premazal som CCleaner. Na záver som spustil F-Secure RESCUE CD (CHIP 01/2012). ten nič nenašiel. Spustil som RSIT. Tu prikladám log :

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uzivatel at 2012-01-16 17:15:04
Microsoft Windows XP Professional Service Pack 3, v.3311
System drive C: has 76 GB (75%) free of 101 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:15:11, on 16. 1. 2012
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\cmd.exe
C:\ExpertPlus\jre6\bin\java.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uzivatel\Desktop\RSIT.exe
C:\Program Files\trend micro\Uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "D:\Programy\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Startovanie procesu.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5108 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{25FE4560-66F7-4B7D-ABD3-D188F11C4F03}.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\8wvkw7ba.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk"
prefs.js - "extensions.enabledItems" - "YoutubeDownloader@PeterOlayev.com:1.5, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://slirsredirect.search.aol.com/sli ... pab&query="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
binary.manifest
browsercomps.dll
npwachk.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npFoxitReaderPlugin.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\8wvkw7ba.default\extensions\
YoutubeDownloader@PeterOlayev.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\8wvkw7ba.default\searchplugins\
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-24 18702336]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-08 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-08 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2009-02-25 2553088]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-02-12 15360]
"NBJ"=D:\Programy\Ahead\Nero BackItUp\NBJ.exe [2004-11-30 1945600]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-02-12 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-02-12 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Startovanie procesu.lnk - C:\ExpertPlus\service\serverStarter.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Uzivatel\My Documents\Preberanie\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.yv12"=divx.dll
"vidc.xvid"=xvidvfw.dll
"vidc.ffds"=ff_vfw.dll
"vidc.vp60"=vp6vfw.dll
"vidc.vp61"=vp6vfw.dll
"vidc.vp62"=vp6vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"msacm.vorbis"=vorbis.acm

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2012-01-16 17:15:04 ----D---- C:\rsit
2012-01-16 17:15:04 ----D---- C:\Program Files\trend micro
2012-01-16 10:12:45 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles

======List of files/folders modified in the last 1 month======

2012-01-16 17:15:04 ----D---- C:\Program Files
2012-01-16 17:11:49 ----D---- C:\WINDOWS\Temp
2012-01-16 17:11:04 ----D---- C:\Program Files\Mozilla Firefox
2012-01-16 17:11:02 ----D---- C:\WINDOWS
2012-01-16 15:38:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-16 15:33:00 ----D---- C:\Documents and Settings\Uzivatel\Application Data\Winamp
2012-01-16 15:31:23 ----SHD---- C:\WINDOWS\Installer
2012-01-16 15:31:23 ----RD---- C:\Program Files\Skype
2012-01-16 15:31:23 ----D---- C:\WINDOWS\Prefetch
2012-01-16 14:43:55 ----SHD---- C:\System Volume Information
2012-01-16 14:43:55 ----D---- C:\WINDOWS\system32\Restore
2012-01-16 12:26:35 ----D---- C:\Documents and Settings\Uzivatel\Application Data\Skype
2012-01-08 14:52:44 ----A---- C:\WINDOWS\NeroDigital.ini
2012-01-08 14:52:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-30 22:54:47 ----D---- C:\WINDOWS\system32
2011-12-29 13:08:31 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc); C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-10-11 64616]
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc); C:\WINDOWS\system32\drivers\ps7ah4nc.sys [2007-10-11 68208]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-02-12 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-02-12 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-02-12 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-25 5888512]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-08 6288672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-10-30 176768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-02-12 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-02-12 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-02-12 17024]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2005-05-27 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-02-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-02-12 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-02-12 10880]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys []
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-02-12 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-02-12 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-02-12 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-02-12 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-02-12 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-02-12 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-13 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-08 163908]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-02-25 1352960]
R2 StarWindService;StarWind iSCSI Service; D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-10-11 410984]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Kovas · #2 Příspěvek od **Kovas** » 16 led 2012 20:48

Screen z karantény AV

#3 Příspěvek od **vyosek** » 16 led 2012 20:52

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Kovas · #4 Příspěvek od **Kovas** » 16 led 2012 21:02

Dobrý večer prajem

Urobím to podľa Vášho návodu. Budem to musieť spustiť ať zajtram, keď sa dostanem k PC.

Tu je ešte link na screen z karantény

http://imageshack.us/photo/my-images/692/karantena.jpg/

#5 Příspěvek od **vyosek** » 16 led 2012 21:08

Pekny vecer...

Screen jsem si vytahl jeste nez jste stihl post editnout

Proto jsem dal hned ComboFix pac tam tusim ze jeste neco bude...

Zitra tu budu nekdy kolem poledne, dopoledne mam nejake povinnosti na fakulte...

Kovas · #6 Příspěvek od **Kovas** » 17 led 2012 14:03

Dobrý deň,

spustil som combofix. Nešlo mi však nainštalovať konzolu pre zotavenie, ale combofix zbehol a vytvoril log. Akurát prehodilo Windows z jazyka CZ do EN pri štarte (čo môjho známeho nepoteší). Stiahol som aj inštalačku konzoly pre zotavenie podľa návodu. Mám ju potom podľa návodu nainštalovať, alebo až potom?

Log z Combofix

ComboFix 12-01-16.05 - Uzivatel . 01. 2012 13:42:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1342 [GMT 1:00]
Running from: c:\documents and settings\Uzivatel\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\ntdll.dl
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-16 19:50 . 2012-01-16 19:50 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-16 16:15 . 2012-01-16 16:15 -------- d-----w- C:\rsit
2012-01-16 16:15 . 2012-01-16 16:15 -------- d-----w- c:\program files\trend micro
2012-01-16 09:12 . 2012-01-16 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2012-01-01 01:16 . 2012-01-01 01:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-01-01 01:16 . 2012-01-01 01:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-30 21:54 . 2011-12-30 21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 14:28 . 2011-05-22 20:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="d:\programy\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13680640]
"nwiz"="nwiz.exe" [2009-03-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Startovanie procesu.lnk - c:\expertplus\service\serverStarter.bat [2011-4-5 276]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-02-12 13:59 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"=d:\programy\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [11. 10. 2007 12:19 64616]
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc);c:\windows\system32\drivers\ps7ah4nc.sys [11. 10. 2007 12:18 68208]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [22. 2. 2010 17:49 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [22. 2. 2010 17:49 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16. 11. 2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\eset\ESET Smart Security\ekrn.exe [16. 11. 2009 9:04 735960]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [5. 8. 2011 19:39 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [5. 8. 2011 19:39 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [5. 8. 2011 19:39 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [5. 8. 2011 19:39 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [5. 8. 2011 19:39 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [5. 8. 2011 19:39 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [5. 8. 2011 19:39 123504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{25FE4560-66F7-4B7D-ABD3-D188F11C4F03}.job
- c:\windows\system32\msfeedssync.exe [2009-12-20 03:31]
.
2011-12-16 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\programy\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
FF - ProfilePath - c:\documents and settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\8wvkw7ba.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 13:45
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="810A578F4609ACC07EC8D0699C94A5B6E67C9CC7D05469AE6CF39BAD567F19D844C9CAA21EA272E4B4B2F78B9526ACDC7EC94A0EF3E6AC198C721A0B5364833B7BCC1D2122783FBCEEB9DBC558260B11B46877EA8BED21CEB880C936C83B88F1C7CA4744BEE2AA28AB7CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D14075D575E7D6A3B980818F38092228B173B54A03E369921F8E0635D8D7DE77A81CD2B55CF07EE3DEEBAC9522387E05F252B080092BDDC6E4B3788BF1205C5722BD6D393C66677DB67CB3290A9CA4701010DD0696E34532BA9CDBD82C78224BBE98D2E16685618CE923E19F16AF4AD8686701B3476478CD14C1E35AABF6065CCF17352B5D39BA7AF403B9CBA334380CB44CA2BB5C14FA69D9E05F8C001AC00662C6FABC79B1B915D76D4ADB844923F70FAF296C85F42580E40C463D08599FE86B54C7CADC7E155796F7B943850E87D5623274A4FD03FE967040224ECBAFB0073DEB759C5D19C866A1889680C006EE425678682AC0885BA327146BEA783CD35B6ACC32A78A9204A5B9139980CEE6DB148A31653C6F07B3A3B447F0D1BB5AEE41E55672D2E32E2DDB83129E6922ED7B3EE6DBCA38B67A9ED11EC7FB8631A5E6AB848FD7154C27F90B4825D687D40BE4F0C09C8AE683D3CEF898DF942A17044B2DD2544DCDC27B4C446C13D08309E5D7DD6736A0152B684ECBCFD0A7D7AE96A40A43F5EA83E9B65F2A85F140190B38DC8C9D83580408C77A505CAAB12952C7DA96C2050E0F05698A4D78291670AE1CED2A49C22612FEC2EEF83B2C17C20D2CE19D305076673FB79F91704C8A08AFA474F6B558EAF9D77E4B69C29110BCBE9564D42DCCFEC46A856276CF0316606C8BC87E3CD384A8F42FC73F85641634C742D18604DDBFE70EB2372220C2646F1061CD51A0445E28CD67B3B0494E27BDAE7115F9A2EC378FB4875B7C6C968A14963F42D5CAABE0220B089B1ED74651F322FE39EA10D018A74B40AE42B5598AE0B04FA8FBE290F805AC1F28FAAB89EEF16282BE26D29713AEB1B3D7FE5094178390187169898870ECD6EAAA2F2D9C7E049A492CE33F758DE7A5C949CD179CAD9DAE594EC83485E2E9311C2CC4282FEB894E9E51873215BA6B6CBB4E88D6A07077AB34254603BA9B5477576035A9344944433970B6D028512C0ADEA227957A78527DB55A1D0A6E5D187DC214EBC1F7E6329AEBE83262BC5F5B73F231EBD6B45AD7349363BBDF5F47F77FCC44BB3ECF6691A7D13756861ECFA4430F2C143895BAEF4D6EE1E50489A12C1FC86AD4B78D9BDECB4F466401B321E8D21908938C7480A47D331DBF8EEFE310EFC2DB752F1394D7EE0E3F0FE07B02FC1AAD5848EEDCF9509854F176A"
.
Completion time: 2012-01-17 13:45:51
ComboFix-quarantined-files.txt 2012-01-17 12:45
.
Pre-Run: 80 101 888 000 bytes free
Post-Run: 80 092 262 400 bytes free
.
- - End Of File - - 1F660A9E4BDD86870B684D7D00F1EC74

#7 Příspěvek od **vyosek** » 17 led 2012 14:13

Presunte instalacku Konzoly primo na disk c:\ a pojmenujte ji rc (i s priponou se jmenuje rc.exe) - tohle je nutne, pac na ni bude odkazovat skript

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RecoveryConsole::
c:\rc.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

Firefox::
FF - ProfilePath - c:\documents and settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\8wvkw7ba.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Kovas · #8 Příspěvek od **Kovas** » 17 led 2012 18:44

tu je log z Combofixu :

ComboFix 12-01-16.05 - Uzivatel . 01. 2012 18:35:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1522 [GMT 1:00]
Running from: c:\documents and settings\Uzivatel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Uzivatel\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 12:38 . 2012-01-17 12:38 4628200 ----a-w- C:\rc.exe
2012-01-16 19:50 . 2012-01-16 19:50 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-16 16:15 . 2012-01-16 16:15 -------- d-----w- C:\rsit
2012-01-16 16:15 . 2012-01-16 16:15 -------- d-----w- c:\program files\trend micro
2012-01-16 09:12 . 2012-01-16 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2012-01-01 01:16 . 2012-01-01 01:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-01-01 01:16 . 2012-01-01 01:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-30 21:54 . 2011-12-30 21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 14:28 . 2011-05-22 20:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_12.45.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-17 17:39 . 2012-01-17 17:39 16384 c:\windows\temp\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13680640]
"nwiz"="nwiz.exe" [2009-03-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Startovanie procesu.lnk - c:\expertplus\service\serverStarter.bat [2011-4-5 276]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [11. 10. 2007 12:19 64616]
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc);c:\windows\system32\drivers\ps7ah4nc.sys [11. 10. 2007 12:18 68208]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [22. 2. 2010 17:49 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [22. 2. 2010 17:49 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16. 11. 2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\eset\ESET Smart Security\ekrn.exe [16. 11. 2009 9:04 735960]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [5. 8. 2011 19:39 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [5. 8. 2011 19:39 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [5. 8. 2011 19:39 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [5. 8. 2011 19:39 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [5. 8. 2011 19:39 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [5. 8. 2011 19:39 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [5. 8. 2011 19:39 123504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{25FE4560-66F7-4B7D-ABD3-D188F11C4F03}.job
- c:\windows\system32\msfeedssync.exe [2009-12-20 03:31]
.
2011-12-16 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\programy\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
TCP: DhcpNameServer = 10.5.18.5 10.5.18.2 195.80.171.4
FF - ProfilePath - c:\documents and settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\8wvkw7ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 18:39
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\expertplus\jre6\bin\java.exe
d:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2012-01-17 18:41:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 17:41
ComboFix2.txt 2012-01-17 12:45
.
Pre-Run: 80 082 575 360 bytes free
Post-Run: 12 adresárov, 80 065 527 808 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E76D7BA68BA6AD188FDF85967ECE7E3C

#9 Příspěvek od **vyosek** » 17 led 2012 18:48

Jak se chova PC

Kovas · #10 Příspěvek od **Kovas** » 17 led 2012 19:04

Teraz je štart systému a odhlasovanie super. Je to výrazná zmena. Nábeh systému ani nie do minúty. To isté aj s odhlasovaním.

#11 Příspěvek od **vyosek** » 17 led 2012 19:08

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

A pokud nejsou problemy ci dotazy, je to z me strany vse

Kovas · #12 Příspěvek od **Kovas** » 17 led 2012 19:34

Vďaka, beží to

#13 Příspěvek od **vyosek** » 17 led 2012 19:37

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

Pomalé odhlasovanie systému

Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému

Re: Pomalé odhlasovanie systému