Prosim pomoc - padání spuštěných programů

[Jakub SAFE]

Potrebuju poradit,
kdyz spustim pc a zapnu nejakou hru nebo program po 5 minutach spadne.Co mam delat????



Dekuji.........................

mod. by Ltb - úprava předmětu - "Prosim pomoc" není dostatečně konkrétní

[Reklama]

[Baron Prášil]

hraj piškvorky nebo jiné krátké hry!
a nebo nám pošli nějakej log,nejlépe z hijackthis(jak se dělá už víš)

[Jakub SAFE]

Ono to totiz neni moje ale kamarada.
a jeho log ted nemam v pc.Ja bych to udelal sam ale nak mi to nejde.Nejde poradit nak bez logu?

[Baron Prášil]

si v sekci Viry.... a tak předpokládám,že máš na ně podezření.
ale znáš to,je to fousatý- o tý křišťálový kouly a věštírně Delfský

[Jakub SAFE]

Mam na ne podezreni,uz mam malinko praxe.
Ale newim co s tim.Nemohl by jste mi poradit bez logu?

[Baron Prášil]

[Jakub SAFE]

Aha no tak dekuji

[Baron Prášil]

njn,neni za co.můžeš zkusit střílet do černýho třeba SDFixem nebo Combofixem nebo Smitfraudfixem nebo Vundofixem nebo nějakým jiným fixem ale bez informací ti pomoct nemůžu.

[Jakub SAFE]

ComboFix 07-12-19.2 - Kluci 2007-12-19 19:20:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.168 [GMT 1:00]
Running from: C:\Documents and Settings\Kluci\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-18 18:14 . 2006-07-12 04:48 17,408 --a------ C:\WINDOWS\system32\drivers\gMouPS2.sys
2007-12-18 18:14 . 2006-07-14 07:30 14,848 --a------ C:\WINDOWS\system32\drivers\gHidPnp.sys
2007-12-18 18:14 . 2006-07-14 07:33 9,984 --a------ C:\WINDOWS\system32\drivers\gMouUsb.sys
2007-12-18 17:50 . 2007-12-18 17:50 <DIR> d-------- C:\Genius
2007-12-17 16:50 . 2007-12-17 16:51 <DIR> d-------- C:\TempProjekty
2007-12-11 22:10 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-11 22:10 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-11 22:10 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-11 22:10 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-11 22:10 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-09 22:45 . 2007-12-09 22:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 09:18 . 2007-12-09 09:18 <DIR> d-------- C:\Program Files\Sweet Home 3D
2007-12-06 21:12 . 2007-12-06 21:12 <DIR> d-------- C:\Documents and Settings\Kluci\Data aplikací\ICQ Toolbar
2007-12-05 22:41 . 2007-12-16 19:10 <DIR> d-------- C:\Program Files\ICQLite
2007-12-03 19:22 . 2007-12-16 14:10 <DIR> d-------- C:\Program Files\ewido anti-malware
2007-12-03 18:55 . 2007-12-15 23:21 <DIR> d-------- C:\Documents and Settings\Kluci\Data aplikací\Lavasoft
2007-12-02 22:19 . 2007-12-16 16:07 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-01 19:22 . 2007-12-13 20:19 <DIR> d-------- C:\Program Files\Xvid CZ
2007-11-30 11:03 . 2007-11-30 11:03 <DIR> d-------- C:\Program Files\WinHTTrack
2007-11-28 18:23 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 21:09 --------- d-----w C:\Program Files\hjt
2007-12-11 16:11 470 ----a-w C:\Program Files\mp3.lnk
2007-12-09 11:58 --------- d-----w C:\Program Files\NetBus
2007-12-09 10:44 --------- d-----w C:\Program Files\EA GAMES
2007-12-08 22:12 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\Skype
2007-12-07 21:21 --------- d-----w C:\Program Files\Cheat Engine
2007-12-02 21:18 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\ICQ
2007-12-02 20:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-11-28 17:23 --------- d-----w C:\Program Files\Java
2007-11-22 19:25 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-18 14:54 --------- d-----w C:\Program Files\World of Warcraft
2007-11-17 23:32 --------- d-----w C:\Program Files\Icon Changer 5
2007-11-17 23:20 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-17 21:29 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\ViStart
2007-11-17 21:21 --------- d-----w C:\Program Files\ViOrb
2007-11-17 21:20 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 17:00 --------- d-----w C:\Program Files\Ahead DVD Ripper
2007-11-17 16:56 --------- d-----w C:\Program Files\IDoser
2007-11-16 10:36 --------- d-----w C:\Program Files\CCleaner
2007-11-15 21:21 --------- d-----w C:\Program Files\DivX
2007-11-15 20:25 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-15 14:26 --------- d-----w C:\Program Files\WinForcer
2007-11-15 14:22 --------- d-----w C:\Program Files\Narrowgate
2007-11-15 14:18 --------- d-----w C:\Program Files\EasyPHP1-8
2007-11-15 14:11 --------- d-----w C:\Program Files\NetBus Pro
2007-11-15 14:09 --------- d-----w C:\Program Files\Hamachi
2007-11-14 14:06 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-14 14:04 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-14 14:03 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-11-06 15:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2007-11-06 14:44 61,440 ----a-w C:\WINDOWS\system32\!fexojb.dll
2007-11-06 14:35 --------- d-s---w C:\Program Files\Xfire
2007-11-06 14:35 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\Xfire
2007-11-05 18:28 --------- d--h--r C:\Documents and Settings\Kluci\Data aplikací\SecuROM
2007-11-05 13:22 57,344 ---ha-w C:\WINDOWS\system32\tm3qkcg.dll
2007-11-05 13:22 45,056 ---ha-w C:\WINDOWS\system32\ho39e3ert.exe
2007-11-05 13:18 122,880 ----a-w C:\WINDOWS\system32\s2WyFA8dn.dll
2007-11-05 13:17 94,208 ----a-w C:\WINDOWS\skt70.exe
2007-11-04 13:35 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\LangSoft
2007-11-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\LangSoft
2007-11-04 08:33 --------- d-----w C:\Program Files\HIP GAMES
2007-11-01 20:09 --------- d-----w C:\Program Files\Electronic Arts
2007-11-01 17:38 --------- d-----w C:\Program Files\Steam
2007-11-01 17:35 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\ATI
2007-10-29 20:49 --------- d-----w C:\Program Files\Call of Duty
2007-10-28 19:34 --------- d-----w C:\Program Files\Counter-Strike Source
2007-10-27 14:37 --------- d-----w C:\Program Files\Codemasters
2007-10-26 16:05 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\Apple Computer
2007-10-26 16:03 --------- d-----w C:\Program Files\Apple Software Update
2007-10-26 16:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple
2007-10-26 08:41 --------- d-----w C:\Documents and Settings\Kluci\Data aplikací\AdobeUM
2007-10-25 09:12 41,984 ----a-w C:\WINDOWS\stk67.exe
2007-10-24 18:40 --------- d-----w C:\Program Files\Pariah
2007-10-24 15:48 --------- d-----w C:\Program Files\SCi Games
2007-10-22 19:58 --------- d-----w C:\Program Files\McFunSoft Video Solution
2007-10-22 19:31 --------- d-----w C:\Program Files\ArcSoft
2007-10-22 19:06 --------- d-----w C:\Program Files\DsNET Corp
2007-10-21 06:22 122,880 ----a-w C:\WINDOWS\system32\qbK2Yy.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-19 21:47 --------- d-----w C:\Program Files\Activision
2007-10-15 16:50 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-13 09:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-13 09:28 22,328 ----a-w C:\Documents and Settings\Kluci\Data aplikací\PnkBstrK.sys
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-03-22 14:48 224 ----a-w C:\Documents and Settings\Kluci\Gen5.dll
2006-09-20 16:56 2,313 ----a-w C:\Program Files\Terragen.lnk
2006-01-09 12:44 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-12-21 14:06 119 ----a-w C:\Documents and Settings\Kluci\KLIC.DLL
2005-10-13 17:49 85 ----a-w C:\Documents and Settings\Kluci\BEH.DLL
2005-04-18 13:08 904 ----a-w C:\Program Files\INSTALL.LOG
2005-04-09 15:28 770 ----a-w C:\Documents and Settings\Kluci\NOUZE.DLL
2005-04-09 15:28 5 ----a-w C:\Documents and Settings\Kluci\CHYBY.DLL
2004-08-18 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-18 12:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-12-03 12:22 80 --sh--r C:\WINDOWS\system32\27F8B7DBA9.dll
2006-04-14 13:40 56 --sh--r C:\WINDOWS\system32\27F8B7DBA9.sys
2006-04-14 13:41 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-18 12:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-18 12:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-18 12:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-18 12:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2004-08-18 12:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-18 12:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-18 12:00 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 13:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"pdfSaver3"="" []
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2002-03-05 13:34]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2006-12-08 21:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-13 19:28:37]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"aswUpdSv"=2 (0x2)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-14 15:04]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-15 14:20]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-14 15:03]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-14 15:05]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 04:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
S3 dopewars-server;dopewars server;C:\Program Files\dopewars-1.5.10\dopewars.exe -N []
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-11-14 15:07]
S3 gHidPnp;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidPnp.Sys [2006-07-14 07:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06a3bab8-6592-11da-ad56-0011d82e1fe2}]
\Shell\AutoRun\command - E:\Autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 16:03:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 19:24:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\xfire_lsp_10650.dll
.
Completion time: 2007-12-19 19:24:40

[Baron Prášil]

je to pokračování minulého problému?

použij Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

a tento skript

Files to delete:
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tm3qkcg.dll
C:\WINDOWS\system32\ho39e3ert.exe

Folders to delete:
C:\Program Files\dopewars-1.5.10


povol restart a po něm pošli log z Avengeru

toto
C:\WINDOWS\system32\!fexojb.dll
C:\WINDOWS\system32\s2WyFA8dn.dll
C:\WINDOWS\system32\qbK2Yy.dll
C:\Documents and Settings\Kluci\Gen5.dll
C:\WINDOWS\system32\27F8B7DBA9.dll
nech zkontrolovat tady http://www.virustotal.com/flash/index_en.html
nepoužívej "Procházet" ale vlož do okna celou cestu k souboru metodou Ctrl+C > Ctrl+V

tuto knihovnu: xfire_lsp_10650.dll odstraň pomocí LSPFix: http://www.viry.cz/forum/viewtopic.php?t=9464

[Jakub SAFE]

Ano dekuji a co mam delat kdyz jsou nektere soubory infikovane ve Virustotalu?