NTB samovoľný reštart Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

NTB samovoľný reštart

Příspěvekod paulus33 » 29 zář 2015 22:08

poprosím o kontrolu logu. Neštandardné chovanie sa prejavuje samovoľným reštartom pri pokuse spustiť program, otvoriť word súbor a podobne. Vymenil som ram, otestoval HDD, otestoval stabilitu a stále to isté. Napr. súbory s príponou exe z HDD nespustím, ak chcem niečo inštalovať, musím to mať napr. na USB kľúči...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:26, on 29.9.2015
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

FIREFOX: 40.0.3 (x86 sk)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\loggingserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\AVG Web TuneUp\avgcefrend.exe
C:\Documents and Settings\CPPaP KŠU\Desktop\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: vToolbarUpdater40.1.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 4382 bytes

Reklama
Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod Orcus » 30 zář 2015 09:00

Nainstaluj si service pack 3 pro Windows XP.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
Láska hřeje, ale uhlí je uhlí. :fire:



Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod paulus33 » 02 říj 2015 21:54

zdravím, sorry za pasivitu, ale trošku ma zložila chrípka...

log, nech sa páči:
# AdwCleaner v5.009 - Logfile created 02/10/2015 at 21:48:24
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : CPPaP KŠU - CPPPAP-14809368
# Running from : C:\Documents and Settings\CPPaP KŠU\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.1.6

***** [ Folders ] *****

[-] Folder Deleted : C:\Avg_Update_0915tb
[-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg_Update_0915tb
[-] Folder Deleted : C:\Program Files\Ask.com
[-] Folder Deleted : C:\Program Files\BS_Player
[-] Folder Deleted : C:\Program Files\Conduit
[-] Folder Deleted : C:\Program Files\Uniblue
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1827 bytes] ##########

Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod Orcus » 03 říj 2015 17:40

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit

-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Láska hřeje, ale uhlí je uhlí. :fire:



Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod paulus33 » 04 říj 2015 14:58

nech sa páči, pri RogueKiller som nemal vpravo tie tri možnosti MBR, FAKED, Anti... aby som ich mohol zaškrtnúť...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by CPPaP KćU on ne 04.10.2015 at 14:18:00,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Informational

C:\WINDOWS\system32\tasklist.exe doesn't exist [Process check skipped . Windows XP Home Edition?]



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\CPPaP KćU\Application Data\mozilla\firefox\profiles\w5l1bhrw.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 04.10.2015 at 14:23:16,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : CPPaP K?U [Práva správce]
Started from : C:\Documents and Settings\CPPaP K?U\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 10/04/2015 14:53:15

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> Nalezeno
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 +++++
--- User ---
[MBR] d48986a2c1a1b5ddf6a83c3fb336fc6c
[BSP] 2ec58e205a0cd8f37bc0c5ef95d346cf : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 24999 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 51199155 | Size: 51309 MB
User = LL1 ... OK
User = LL2 ... OK

Uživatelský avatar
jerabina
člen Security týmu
Level 6
Level 6
Příspěvky: 3647
Registrován: březen 13
Bydliště: Litoměřice
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod jerabina » 04 říj 2015 20:56

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod

Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod paulus33 » 04 říj 2015 22:49

takze logy v poradi...
akuurat pri zoek mi to vyhodilo chybovu hlasku tak som ho prerusil, pripojil NTB k netu a znovu spustil.

RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : CPPaP K?U [Práva správce]
Started from : C:\Documents and Settings\CPPaP K?U\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 10/04/2015 21:29:46

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> Smazáno
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Smazáno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 +++++
--- User ---
[MBR] d48986a2c1a1b5ddf6a83c3fb336fc6c
[BSP] 2ec58e205a0cd8f37bc0c5ef95d346cf : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 24999 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 51199155 | Size: 51309 MB
User = LL1 ... OK
User = LL2 ... OK




Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by CPPaP KćU on ne 04.10.2015 at 21:30:42,70.
Systém Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CPPAPK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4.10.2015 21:31:58 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\CSec deleted successfully
C:\Program Files\uTorrent deleted successfully
C:\Program Files\Common Files\EasyInfo deleted successfully
C:\Documents and Settings\Administrator.SKOLA02-9355F9E.001\Application Data\WinRAR deleted successfully
C:\Documents and Settings\NetworkService\Application Data\Xfire deleted successfully
C:\Documents and Settings\Owner\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\Owner\Application Data\Samsung deleted successfully
C:\Documents and Settings\Owner\Application Data\WinRAR deleted successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\GHISLER deleted successfully
C:\Documents and Settings\CPPAPK~1\Local Settings\Application Data\GHISLER deleted successfully
C:\Documents and Settings\CPPAPK~1\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WtuSystemSupport deleted successfully

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\CPPAPK~1\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.sk");

Added to C:\Documents and Settings\CPPAPK~1\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h25gzff5.default\prefs.js:
user_pref("browser.search.selectedEngine", "Azet");

Added to C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h25gzff5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\CSec not found
C:\Program Files\uTorrent not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\WINDOWS\system32\appdata deleted
C:\Documents and Settings\CPPAPK~1\Local Settings\Application Data\AVG Web TuneUp deleted
C:\Program Files\AVG Web TuneUp deleted
C:\Documents and Settings\Administrator.SKOLA02-9355F9E.000\Application Data\Uniblue deleted
C:\Documents and Settings\Owner\Application Data\wiaservg.log deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AVG Web TuneUp deleted
C:\Documents and Settings\Owner\Local Settings\Application Data\BS_Player deleted
C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar deleted
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\CPPAPK~1\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h25gzff5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [03.06.2013 11:50]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h25gzff5.default
- Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\CPPAPK~1\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation


==== Chromium Look ======================


==== Chromium Startpages ======================

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"homepage": "http://start.icq.com/",


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF1379f6.TMP was reset successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF28acc7.TMP was reset successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF52f16.TMP was reset successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFa7bd87.TMP was reset successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFdaa796.TMP was reset successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\CPPAPK~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\CPPAPK~1\Local Settings\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=351 folders=74 185183486 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator.SKOLA02-9355F9E.000\Local Settings\Temp emptied successfully
C:\Documents and Settings\Administrator.SKOLA02-9355F9E.001\Local Settings\Temp emptied successfully
C:\Documents and Settings\asus\Local Settings\Temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp emptied successfully
C:\Documents and Settings\Owner\Local Settings\Temp emptied successfully
C:\Documents and Settings\CPPAPK~1\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\CPPAPK~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\CPPAPK~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 04.10.2015 at 22:15:44,17 ======================


ComboFix 15-10-01.01 - CPPaP KŠU 04.10.2015 22:35:30.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1919.1514 [GMT 2:00]
Running from: c:\documents and settings\CPPaP KŠU\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\My Documents\~WRD0322.tmp
c:\documents and settings\Owner\My Documents\~WRD2710.tmp
c:\documents and settings\Owner\WINDOWS
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\DEBUG.log
c:\windows\system32\MUI\041b\tourstart.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2015-09-04 to 2015-10-04 )))))))))))))))))))))))))))))))
.
.
2015-10-04 20:07 . 2015-10-04 19:30 24064 ----a-w- c:\windows\zoek-delete.exe
2015-10-04 19:30 . 2015-10-04 19:58 -------- d-----w- C:\zoek_backup
2015-10-04 12:24 . 2015-10-04 19:18 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-04 12:24 . 2015-10-04 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RogueKiller
2015-10-02 22:41 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2015-10-02 22:41 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2015-10-02 22:41 . 2013-11-27 20:21 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2015-10-02 22:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2015-10-02 22:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2015-10-02 22:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2015-10-02 22:38 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2015-10-02 22:38 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2015-10-02 22:37 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2015-10-02 22:37 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2015-10-02 22:37 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2015-10-02 22:37 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2015-10-02 22:37 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2015-10-02 22:36 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2015-10-02 22:35 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2015-10-02 22:35 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2015-10-02 22:35 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2015-10-02 22:35 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2015-10-02 22:35 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2015-10-02 22:35 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2015-10-02 22:35 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2015-10-02 22:34 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2015-10-02 22:32 . 2015-10-02 22:32 -------- d-----w- c:\documents and settings\CPPaP KŠU\Local Settings\Application Data\OCCT_-_Ocbase_-_Adrien_Me
2015-10-02 20:45 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2015-10-02 19:46 . 2015-10-02 19:48 -------- d-----w- C:\AdwCleaner
2015-10-02 18:15 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2015-10-02 18:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2015-10-02 18:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2015-10-02 18:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2015-10-02 18:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2015-10-02 18:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2015-10-02 18:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2015-10-02 18:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2015-10-02 18:15 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2015-10-02 18:14 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2015-10-02 18:14 . 2012-07-06 13:58 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2015-10-02 18:14 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2015-10-02 18:14 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2015-10-02 17:29 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2015-09-29 18:54 . 2015-09-29 18:56 -------- d-----w- c:\program files\trend micro
2015-09-29 18:54 . 2015-09-29 18:54 -------- d-----w- C:\rsit
2015-09-29 17:57 . 2015-09-29 17:57 -------- d-----w- c:\program files\HD Tune
2015-09-29 17:47 . 2015-09-29 17:47 -------- d-----w- c:\program files\CCleaner
2015-09-29 15:11 . 2015-09-29 15:11 -------- d-----w- c:\program files\AIDA64 Extreme Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-19 09:52 . 2015-04-09 12:12 238512 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-08-19 09:52 . 2015-03-11 10:13 222640 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-08-04 09:33 . 2015-04-07 10:45 230832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-08-04 09:32 . 2015-04-03 07:37 189872 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-07-23 14:44 . 2015-03-11 10:08 31664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-08-24 3775912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-10-14 17:37 110592 ----a-w- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-10-30 19:49 16269312 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 18:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-07 13:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-05-25 18:02 786521 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2006-12-20 21:03 1036288 ----a-w- c:\program files\Wireless Console 2\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Atheros\\ACU.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11.3.2015 12:13 222640]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [11.3.2015 12:13 290272]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [20.3.2015 12:18 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11.3.2015 12:13 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [9.4.2015 14:12 238512]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [11.3.2015 12:08 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [15.4.2015 13:05 207328]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.4.2015 12:45 230832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [24.8.2015 16:05 335656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [24.8.2015 16:33 3637160]
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2015-10-02 01:59]
.
2015-10-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2015-10-02 01:59]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\CPPaP KŠU\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
c:\documents and settings\Owner\Start Menu\Programs\Startup\hamachi.lnk - c:\program files\Hamachi\hamachi.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-04 22:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2015-10-04 22:44:45
ComboFix-quarantined-files.txt 2015-10-04 20:44
.
Pre-Run: 11 024 375 808 bytes free
Post-Run: 18 adresárov, 11 114 897 408 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 00A32AF65A1EE319592D1869056BFE14
8F558EB6672622401DA993E1E865C861

Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod Orcus » 05 říj 2015 08:52

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::

KillAll::

File::
c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

====================================================

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Láska hřeje, ale uhlí je uhlí. :fire:



Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod paulus33 » 05 říj 2015 20:02

ComboFix 15-10-01.01 - CPPaP KŠU 05.10.2015 19:38:10.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1919.1512 [GMT 2:00]
Running from: c:\documents and settings\CPPaP KŠU\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CPPaP KŠU\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job"
"c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
.
.
((((((((((((((((((((((((( Files Created from 2015-09-05 to 2015-10-05 )))))))))))))))))))))))))))))))
.
.
2015-10-04 20:07 . 2015-10-04 19:30 24064 ----a-w- c:\windows\zoek-delete.exe
2015-10-04 19:30 . 2015-10-04 19:58 -------- d-----w- C:\zoek_backup
2015-10-04 12:24 . 2015-10-04 19:18 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-04 12:24 . 2015-10-04 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RogueKiller
2015-10-02 22:41 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2015-10-02 22:41 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2015-10-02 22:41 . 2013-11-27 20:21 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2015-10-02 22:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2015-10-02 22:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2015-10-02 22:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2015-10-02 22:38 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2015-10-02 22:38 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2015-10-02 22:37 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2015-10-02 22:37 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2015-10-02 22:37 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2015-10-02 22:37 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2015-10-02 22:37 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2015-10-02 22:36 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2015-10-02 22:35 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2015-10-02 22:35 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2015-10-02 22:35 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2015-10-02 22:35 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2015-10-02 22:35 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2015-10-02 22:35 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2015-10-02 22:35 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2015-10-02 22:34 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2015-10-02 22:32 . 2015-10-02 22:32 -------- d-----w- c:\documents and settings\CPPaP KŠU\Local Settings\Application Data\OCCT_-_Ocbase_-_Adrien_Me
2015-10-02 20:45 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2015-10-02 19:46 . 2015-10-02 19:48 -------- d-----w- C:\AdwCleaner
2015-10-02 18:15 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2015-10-02 18:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2015-10-02 18:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2015-10-02 18:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2015-10-02 18:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2015-10-02 18:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2015-10-02 18:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2015-10-02 18:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2015-10-02 18:15 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2015-10-02 18:14 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2015-10-02 18:14 . 2012-07-06 13:58 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2015-10-02 18:14 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2015-10-02 18:14 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2015-10-02 17:29 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2015-09-29 18:54 . 2015-09-29 18:56 -------- d-----w- c:\program files\trend micro
2015-09-29 18:54 . 2015-09-29 18:54 -------- d-----w- C:\rsit
2015-09-29 17:57 . 2015-09-29 17:57 -------- d-----w- c:\program files\HD Tune
2015-09-29 17:47 . 2015-09-29 17:47 -------- d-----w- c:\program files\CCleaner
2015-09-29 15:11 . 2015-09-29 15:11 -------- d-----w- c:\program files\AIDA64 Extreme Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-19 09:52 . 2015-04-09 12:12 238512 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-08-19 09:52 . 2015-03-11 10:13 222640 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-08-04 09:33 . 2015-04-07 10:45 230832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-08-04 09:32 . 2015-04-03 07:37 189872 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-07-23 14:44 . 2015-03-11 10:08 31664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-08-24 3775912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-10-14 17:37 110592 ----a-w- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-10-30 19:49 16269312 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 18:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-07 13:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-05-25 18:02 786521 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2006-12-20 21:03 1036288 ----a-w- c:\program files\Wireless Console 2\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Atheros\\ACU.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11.3.2015 12:13 222640]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [11.3.2015 12:13 290272]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [20.3.2015 12:18 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11.3.2015 12:13 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [9.4.2015 14:12 238512]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [11.3.2015 12:08 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [15.4.2015 13:05 207328]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.4.2015 12:45 230832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [24.8.2015 16:33 3637160]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [24.8.2015 16:05 335656]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\CPPaP KŠU\Application Data\Mozilla\Firefox\Profiles\w5l1bhrw.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-05 19:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2015-10-05 19:56:20 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-05 17:56
ComboFix2.txt 2015-10-04 20:44
.
Pre-Run: 11 186 053 120 bytes free
Post-Run: 18 adresárov, 11 157 876 736 voľných bajtov
.
- - End Of File - - 3A27880FCC2CC3AE12ECF50BD794E71E
8F558EB6672622401DA993E1E865C861



aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-10-05 19:57:53
-----------------------------
19:57:53.093 OS Version: Windows 5.1.2600 Service Pack 3
19:57:53.093 Number of processors: 1 586 0xF06
19:57:53.093 ComputerName: CPPPAP-14809368 UserName: CPPaP KŠU
19:57:53.515 Initialize success
19:57:53.609 VM: initialized successfully
19:57:53.609 VM: Intel CPU virtualization not supported
19:58:21.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:58:21.406 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC70P Size: 76319MB BusType: 3
19:58:21.546 Disk 0 MBR read successfully
19:58:21.546 Disk 0 MBR scan
19:58:21.546 Disk 0 Windows XP default MBR code
19:58:21.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
19:58:21.562 Disk 0 default boot code
19:58:21.562 Disk 0 Partition - 00 0F Extended LBA 51309 MB offset 51199155
19:58:21.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51309 MB offset 51199218
19:58:21.578 Disk 0 scanning sectors +156280320
19:58:21.609 Disk 0 scanning C:\WINDOWS\system32\drivers
19:58:28.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CPPaP KŠU\Desktop\MBR.dat"
19:58:28.625 The log file has been saved successfully to "C:\Documents and Settings\CPPaP KŠU\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-10-05 19:57:53
-----------------------------
19:57:53.093 OS Version: Windows 5.1.2600 Service Pack 3
19:57:53.093 Number of processors: 1 586 0xF06
19:57:53.093 ComputerName: CPPPAP-14809368 UserName: CPPaP KŠU
19:57:53.515 Initialize success
19:57:53.609 VM: initialized successfully
19:57:53.609 VM: Intel CPU virtualization not supported
19:58:21.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:58:21.406 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC70P Size: 76319MB BusType: 3
19:58:21.546 Disk 0 MBR read successfully
19:58:21.546 Disk 0 MBR scan
19:58:21.546 Disk 0 Windows XP default MBR code
19:58:21.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
19:58:21.562 Disk 0 default boot code
19:58:21.562 Disk 0 Partition - 00 0F Extended LBA 51309 MB offset 51199155
19:58:21.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51309 MB offset 51199218
19:58:21.578 Disk 0 scanning sectors +156280320
19:58:21.609 Disk 0 scanning C:\WINDOWS\system32\drivers
19:58:28.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CPPaP KŠU\Desktop\MBR.dat"
19:58:28.625 The log file has been saved successfully to "C:\Documents and Settings\CPPaP KŠU\Desktop\aswMBR.txt"
19:58:28.828 Service scanning
19:58:41.859 Modules scanning
19:58:41.859 Disk 0 trace - called modules:
19:58:41.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:58:41.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9f6ab8]
19:58:41.875 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000086[0x8aadd030]
19:58:41.875 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa7bd98]
19:58:41.875 Disk 0 statistics 62770/0/0 @ 4,84 MB/s
19:58:41.875 Scan finished successfully
19:58:52.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CPPaP KŠU\Desktop\MBR.dat"
19:58:52.625 The log file has been saved successfully to "C:\Documents and Settings\CPPaP KŠU\Desktop\aswMBR.txt"

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod paulus33 » 05 říj 2015 20:03

este som zabudol uviest, ze pocas scenu MBR som omylom odtukol log pocas procesu, behaju mi tu deti, sorry...

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod jaro3 » 06 říj 2015 09:54

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


Vlož nový log z HJT + informuj o problémech.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

paulus33
nováček
Příspěvky: 8
Registrován: listopad 12
Pohlaví: Muž
Stav:
Offline

Re: NTB samovoľný reštart

Příspěvekod paulus33 » 06 říj 2015 17:48

NTB je podstatne rýchlejší a stabilný, ďakujem pekne za pomoc.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:44:38, on 6.10.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

FIREFOX: 41.0.1 (x86 sk)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\CPPaP KŠU\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 3684 bytes


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 60 hostů