Extract those files to the folder c:\WINDOWS\system32\dllcache.
If that doesn't work, extract them to C:\WINDOWS\ServicePackFiles\i386; if you don't have that folder, create it exactly as it is written, i.e. keep the upper and lower case.
If even that doesn't work, try it in safe mode.
PC load: 100% again (Solved)
- Damned
Re: PC load: 100% again
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: PC load: 100% again
ok, got it
- Damned
Re: PC load: 100% again
Now use Dial-a-fix the same way as before. When it finishes its work, run ComboFix and we'll see whether it finds and replaces the infected files.
Then post the CF log here for me.
Re: PC load: 100% again
ComboFix 09-10-10.02 - Milan 11.10.2009 9:01.12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1053 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ctfmon .exe
-- Předchozí spuštění --
Nakažená kopie c:\windows\system32\lsass.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\dllcache\lsass.exe
Nakažená kopie c:\windows\system32\lsass.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\dllcache\lsass.exe
Nakažená kopie c:\windows\system32\svchost.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\dllcache\svchost.exe
--------
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-11 do 2009-10-11 )))))))))))))))))))))))))))))))
.
2009-10-10 22:12 . 2009-10-10 22:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-10 20:53 . 2009-10-10 20:53 -------- d-----w- c:\windows\system32\ServicePackFiles
2009-10-10 20:52 . 2009-10-10 20:52 -------- d-----w- c:\windows\dllcache
2009-10-10 19:42 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-10 19:42 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-10 19:42 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-10 19:42 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-10 19:42 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-10 19:42 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-10 19:42 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-10 19:42 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-10 19:41 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-10 19:31 . 2008-04-14 07:52 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2009-10-10 19:31 . 2008-04-14 07:52 57856 ------w- c:\windows\system32\spoolsv.exe
2009-10-10 18:31 . 2009-10-10 18:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 18:31 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-10 17:40 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-10 17:34 . 2009-10-10 17:39 -------- d-----w- c:\program files\Lavasoft
2009-10-10 17:11 . 2008-04-14 06:52 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-10-10 17:11 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-10-10 17:11 . 2008-04-14 06:52 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-10-10 17:11 . 2001-10-24 10:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-10-10 17:10 . 2001-10-24 10:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-10-10 17:10 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-10-10 17:10 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-10-10 17:10 . 2008-04-13 20:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-10-10 17:10 . 2008-04-13 20:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-10-10 17:10 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-10-10 17:10 . 2008-04-13 22:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-10-10 17:10 . 2008-04-13 20:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-10-10 17:10 . 2001-10-24 09:57 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-10-10 17:08 . 2001-08-17 18:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-10-10 17:07 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-10-10 17:06 . 2001-10-24 10:25 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-10-10 17:06 . 2001-10-24 10:25 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-10-10 17:06 . 2001-10-24 10:25 212480 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-10-10 17:06 . 2001-10-24 10:25 216576 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-10-10 17:06 . 2001-08-17 19:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-10-10 17:06 . 2008-04-13 22:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2009-10-10 17:06 . 2001-08-17 19:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-10-10 17:06 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-10-10 17:06 . 2001-10-24 10:25 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-10-10 17:06 . 2001-08-17 18:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-10-10 17:06 . 2001-10-24 10:24 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-10-10 17:06 . 2001-08-17 18:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-10-10 17:04 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-10-10 17:04 . 2001-08-17 18:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-10-10 17:04 . 2001-08-17 19:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-10-10 17:04 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-10-10 17:04 . 2001-08-17 18:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-10-10 17:04 . 2001-10-24 10:24 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-10-10 17:04 . 2001-08-17 20:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-10-10 17:04 . 2001-08-17 20:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-10-10 17:04 . 2001-08-17 20:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-10-10 17:04 . 2001-08-17 20:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-10-10 17:04 . 2001-10-24 10:25 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-10-10 17:02 . 2001-08-17 19:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-10-10 17:02 . 2001-10-24 10:25 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-10-10 17:02 . 2001-08-17 20:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-10-10 17:02 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-10-10 17:02 . 2001-08-17 18:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-10-10 17:02 . 2001-10-24 10:25 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-10-10 17:02 . 2001-08-17 18:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-10-10 17:02 . 2008-04-13 22:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-10-10 17:02 . 2001-08-17 19:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-10-10 17:02 . 2001-08-17 19:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-10-10 17:00 . 2008-04-14 06:51 73832 -c--a-w- c:\windows\system32\dllcache\slcoinst.dll
2009-10-10 16:59 . 2001-10-24 10:03 161728 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-10-10 16:59 . 2001-07-21 20:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-10-10 16:59 . 2001-08-17 18:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-10-10 16:59 . 2001-10-24 10:24 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-10-10 16:59 . 2001-08-17 18:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-10-10 16:59 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-10-10 16:59 . 2001-10-24 10:02 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-10-10 16:55 . 2001-08-17 19:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-10-10 16:55 . 2008-04-13 22:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-10-10 16:55 . 2001-08-17 19:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-10-10 16:53 . 2001-08-17 18:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2009-10-10 16:52 . 2008-04-13 21:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-10-10 16:52 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-10-10 16:52 . 2001-10-24 09:58 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-10-10 16:52 . 2001-10-24 09:58 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-10-10 16:52 . 2001-10-24 10:25 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-10-10 16:52 . 2001-08-17 19:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-10-10 16:50 . 2001-08-17 19:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-10-10 16:49 . 2001-08-17 18:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2009-10-10 16:48 . 2001-10-24 09:50 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-10-10 16:48 . 2001-10-24 09:50 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-10-10 16:48 . 2001-08-17 18:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-10-10 16:48 . 2001-08-17 18:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-10-10 16:48 . 2008-04-13 22:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-10-10 16:48 . 2001-08-17 18:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-10-10 16:48 . 2001-10-24 10:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-10-10 16:48 . 2008-04-13 21:53 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-10-10 16:48 . 2001-08-17 18:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-10-10 16:44 . 2001-10-24 09:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-10-10 16:44 . 2001-08-17 19:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-10-10 16:44 . 2008-04-13 22:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-10-10 16:44 . 2001-08-17 18:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-10-10 16:44 . 2001-08-17 18:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-10-10 16:44 . 2001-08-17 18:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-10-10 16:44 . 2008-04-14 06:04 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-10-10 16:44 . 2001-10-24 09:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-10-10 16:44 . 2001-08-17 18:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-10-10 16:44 . 2001-10-24 10:24 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2009-10-10 16:42 . 2008-04-14 06:51 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2009-10-10 16:42 . 2008-04-13 21:53 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2009-10-10 16:42 . 2008-04-13 21:53 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2009-10-10 16:42 . 2008-04-13 22:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-10-10 16:42 . 2001-08-17 19:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-10-10 16:42 . 2001-08-17 20:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-10-10 16:42 . 2008-04-13 22:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-10-10 16:42 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-10-10 16:42 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-10-10 16:41 . 2001-08-17 19:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-10-10 16:41 . 2001-08-17 19:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-10 16:41 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-10-10 16:41 . 2001-10-24 09:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-10-10 16:41 . 2001-10-24 10:24 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-10-10 16:41 . 2008-04-13 22:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-10-10 16:41 . 2001-10-24 10:23 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-10-10 16:41 . 2001-08-17 19:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-10-10 16:41 . 2001-10-24 09:50 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2009-10-10 16:41 . 2001-08-17 19:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2009-10-10 16:40 . 2001-08-17 18:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 06:56 . 2009-07-08 08:13 -------- d-----w- c:\program files\SysMetrix
2009-10-10 21:09 . 2009-01-17 10:40 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-10 21:08 . 2009-01-17 10:39 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-10 17:38 . 2008-10-29 14:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 17:50 . 2009-05-05 12:17 -------- d-----w- c:\program files\EA GAMES
2009-09-27 21:45 . 2009-05-22 16:26 -------- d-----w- c:\program files\Common Files\Real
2009-09-27 21:44 . 2009-05-13 15:29 -------- d-----w- c:\program files\VstPlugins
2009-09-27 21:44 . 2009-05-13 15:26 -------- d-----w- c:\program files\Image-Line
2009-09-26 15:10 . 2009-01-17 10:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-25 12:29 . 2008-10-29 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 12:03 . 2008-10-29 20:48 -------- d-----w- c:\program files\Winamp
2009-09-19 14:35 . 2008-12-02 20:01 140038 ----a-w- c:\windows\War3Unin.dat
2009-09-19 10:36 . 2008-11-15 20:31 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-09-13 08:04 . 2009-01-17 16:48 -------- d-----w- c:\program files\HLSW
2009-09-11 12:00 . 2009-07-01 14:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-02 18:12 . 2009-07-24 10:52 -------- d-----w- c:\program files\Winferno
2009-08-28 12:28 . 2008-11-01 09:31 -------- d-----w- c:\program files\Java
2009-08-27 11:04 . 2009-08-27 11:04 -------- d-----w- c:\program files\Hamachi
2009-08-27 11:04 . 2008-12-04 16:30 16224 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-06 17:24 . 2008-10-29 14:44 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-10-29 14:44 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-10-29 14:44 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-10-29 14:44 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-10-29 14:44 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-10-31 18:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-10-31 18:39 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2008-10-29 14:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2008-11-01 09:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 30D190DE29B885455ECBB1C8C58B5825 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-10-10_17.52.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2008-04-14 07:52 14336 c:\windows\system32\svchost.exe
+ 2009-10-10 20:53 . 2008-04-14 07:52 14336 c:\windows\system32\ServicePackFiles\i386\svchost.exe
+ 2009-10-10 20:53 . 2008-04-14 07:52 57856 c:\windows\system32\ServicePackFiles\i386\spoolsv.exe
+ 2009-10-10 20:53 . 2008-04-14 07:52 13312 c:\windows\system32\ServicePackFiles\i386\lsass.exe
+ 2008-04-14 12:00 . 2008-04-14 07:52 13312 c:\windows\system32\lsass.exe
- 2008-10-29 14:50 . 2008-10-29 14:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-29 14:50 . 2009-10-10 18:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-10 20:52 . 2008-04-14 07:52 14336 c:\windows\dllcache\svchost.exe
+ 2009-10-10 20:52 . 2008-04-14 07:52 57856 c:\windows\dllcache\spoolsv.exe
+ 2009-10-10 20:52 . 2008-04-14 07:52 13312 c:\windows\dllcache\lsass.exe
+ 2009-10-10 18:31 . 2009-10-10 18:31 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2009-10-11 27136]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2009-10-11 27136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-10-10 27136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Milan\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games Files\\Valve\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Games Files\\Valve\\hlds.exe"=
"c:\\Games Files\\WRFT3\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Games Files\\WRFT3\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.10.2009 19:40 64160]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [29.10.2008 17:15 76373]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [19.9.2009 12:21 305936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [29.10.2008 17:15 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [29.10.2008 17:15 10005]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [29.10.2008 17:20 9510]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-10-10 c:\windows\Tasks\Italobrothers - Stamp on the ground.job
- c:\documents and settings\Milan\Plocha\mp3\Nirvana\Nevermind\08-Nirvana-Drain_You.mp3 [2009-07-13 11:27]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\rtun255r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Eurobattle.net - c:\windows\Eurobattle.net
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 09:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2009-10-11 9:15
ComboFix-quarantined-files.txt 2009-10-11 07:14
ComboFix2.txt 2009-10-10 20:19
ComboFix3.txt 2009-10-10 17:56
ComboFix4.txt 2009-10-10 16:01
ComboFix5.txt 2009-10-10 22:10
Před spuštěním: Volných bajtů: 15 644 352 512
Po spuštění: Volných bajtů: 15 609 692 160
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
329 --- E O F --- 2009-10-03 21:41
2009-10-10 16:52 . 2008-04-13 21:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-10-10 16:52 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-10-10 16:52 . 2001-10-24 09:58 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-10-10 16:52 . 2001-10-24 09:58 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-10-10 16:52 . 2001-10-24 10:25 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-10-10 16:52 . 2001-08-17 19:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-10-10 16:50 . 2001-08-17 19:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-10-10 16:49 . 2001-08-17 18:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2009-10-10 16:48 . 2001-10-24 09:50 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-10-10 16:48 . 2001-10-24 09:50 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-10-10 16:48 . 2001-08-17 18:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-10-10 16:48 . 2001-08-17 18:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-10-10 16:48 . 2008-04-13 22:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-10-10 16:48 . 2001-08-17 18:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-10-10 16:48 . 2001-10-24 10:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-10-10 16:48 . 2008-04-13 21:53 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-10-10 16:48 . 2001-08-17 18:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-10-10 16:44 . 2001-10-24 09:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-10-10 16:44 . 2001-08-17 19:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-10-10 16:44 . 2008-04-13 22:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-10-10 16:44 . 2001-08-17 18:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-10-10 16:44 . 2001-08-17 18:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-10-10 16:44 . 2001-08-17 18:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-10-10 16:44 . 2008-04-14 06:04 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-10-10 16:44 . 2001-10-24 09:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-10-10 16:44 . 2001-08-17 18:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-10-10 16:44 . 2001-10-24 10:24 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2009-10-10 16:42 . 2008-04-14 06:51 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2009-10-10 16:42 . 2008-04-13 21:53 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2009-10-10 16:42 . 2008-04-13 21:53 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2009-10-10 16:42 . 2008-04-13 22:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-10-10 16:42 . 2001-08-17 19:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-10-10 16:42 . 2001-08-17 20:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-10-10 16:42 . 2008-04-13 22:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-10-10 16:42 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-10-10 16:42 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-10-10 16:41 . 2001-08-17 19:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-10-10 16:41 . 2001-08-17 19:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-10 16:41 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-10-10 16:41 . 2001-10-24 09:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-10-10 16:41 . 2001-10-24 10:24 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-10-10 16:41 . 2008-04-13 22:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-10-10 16:41 . 2001-10-24 10:23 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-10-10 16:41 . 2001-08-17 19:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-10-10 16:41 . 2001-10-24 09:50 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2009-10-10 16:41 . 2001-08-17 19:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2009-10-10 16:40 . 2001-08-17 18:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 06:56 . 2009-07-08 08:13 -------- d-----w- c:\program files\SysMetrix
2009-10-10 21:09 . 2009-01-17 10:40 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-10 21:08 . 2009-01-17 10:39 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-10 17:38 . 2008-10-29 14:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 17:50 . 2009-05-05 12:17 -------- d-----w- c:\program files\EA GAMES
2009-09-27 21:45 . 2009-05-22 16:26 -------- d-----w- c:\program files\Common Files\Real
2009-09-27 21:44 . 2009-05-13 15:29 -------- d-----w- c:\program files\VstPlugins
2009-09-27 21:44 . 2009-05-13 15:26 -------- d-----w- c:\program files\Image-Line
2009-09-26 15:10 . 2009-01-17 10:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-25 12:29 . 2008-10-29 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 12:03 . 2008-10-29 20:48 -------- d-----w- c:\program files\Winamp
2009-09-19 14:35 . 2008-12-02 20:01 140038 ----a-w- c:\windows\War3Unin.dat
2009-09-19 10:36 . 2008-11-15 20:31 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-09-13 08:04 . 2009-01-17 16:48 -------- d-----w- c:\program files\HLSW
2009-09-11 12:00 . 2009-07-01 14:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-02 18:12 . 2009-07-24 10:52 -------- d-----w- c:\program files\Winferno
2009-08-28 12:28 . 2008-11-01 09:31 -------- d-----w- c:\program files\Java
2009-08-27 11:04 . 2009-08-27 11:04 -------- d-----w- c:\program files\Hamachi
2009-08-27 11:04 . 2008-12-04 16:30 16224 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-06 17:24 . 2008-10-29 14:44 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-10-29 14:44 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-10-29 14:44 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-10-29 14:44 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-10-29 14:44 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-10-31 18:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-10-31 18:39 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2008-10-29 14:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2008-11-01 09:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 30D190DE29B885455ECBB1C8C58B5825 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-10-10_17.52.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2008-04-14 07:52 14336 c:\windows\system32\svchost.exe
+ 2009-10-10 20:53 . 2008-04-14 07:52 14336 c:\windows\system32\ServicePackFiles\i386\svchost.exe
+ 2009-10-10 20:53 . 2008-04-14 07:52 57856 c:\windows\system32\ServicePackFiles\i386\spoolsv.exe
+ 2009-10-10 20:53 . 2008-04-14 07:52 13312 c:\windows\system32\ServicePackFiles\i386\lsass.exe
+ 2008-04-14 12:00 . 2008-04-14 07:52 13312 c:\windows\system32\lsass.exe
- 2008-10-29 14:50 . 2008-10-29 14:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-29 14:50 . 2009-10-10 18:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-10 20:52 . 2008-04-14 07:52 14336 c:\windows\dllcache\svchost.exe
+ 2009-10-10 20:52 . 2008-04-14 07:52 57856 c:\windows\dllcache\spoolsv.exe
+ 2009-10-10 20:52 . 2008-04-14 07:52 13312 c:\windows\dllcache\lsass.exe
+ 2009-10-10 18:31 . 2009-10-10 18:31 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2009-10-11 27136]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2009-10-11 27136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-10-10 27136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Milan\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games Files\\Valve\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Games Files\\Valve\\hlds.exe"=
"c:\\Games Files\\WRFT3\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Games Files\\WRFT3\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.10.2009 19:40 64160]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [29.10.2008 17:15 76373]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [19.9.2009 12:21 305936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [29.10.2008 17:15 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [29.10.2008 17:15 10005]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [29.10.2008 17:20 9510]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-10-10 c:\windows\Tasks\Italobrothers - Stamp on the ground.job
- c:\documents and settings\Milan\Plocha\mp3\Nirvana\Nevermind\08-Nirvana-Drain_You.mp3 [2009-07-13 11:27]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\rtun255r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Eurobattle.net - c:\windows\Eurobattle.net
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 09:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2009-10-11 9:15
ComboFix-quarantined-files.txt 2009-10-11 07:14
ComboFix2.txt 2009-10-10 20:19
ComboFix3.txt 2009-10-10 17:56
ComboFix4.txt 2009-10-10 16:01
ComboFix5.txt 2009-10-10 22:10
Před spuštěním: Volných bajtů: 15 644 352 512
Po spuštění: Volných bajtů: 15 609 692 160
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
329 --- E O F --- 2009-10-03 21:41
- Damned
Re: PC load: 100% again
Excellent, one small step for mankind, but a giant leap for your PC!
Download: Dr. Web CureIt
Run the update, and once it has updated, click Start.
With the buttons at the bottom you can cure, delete, move or rename a file. Then post the result. The scan may take a long time. Cure any infection found first, and only then delete it. If it finds anything in the System Volume Information folder, delete it.
When you are done, install an antivirus and paste the HJT log here.

Re: PC load: 100% again
Heh, true
that goes for my PC, yes, but today my notebook started acting up instead
already 2 blue screens of death and nothing but errors.. how I hate Vista
here's the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:40, on 11.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\SysMetrix\SysMetrix .exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Milan\LOCALS~1\Temp\ctv2892.exe
C:\Documents and Settings\Milan\Plocha\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6833 bytes



Re: PC load: 100% again
So now I have a really big problem, the PC won't start at all anymore... blue screen of death... it shows the technical info - STOP: 0x0000000A (0x00000000,0x00000002, 0x00000001, 0x804F9D36)
Re: PC load: 100% again
Probably only I can mess it up like this

- Damned
Re: PC load: 100% again
Wait. So which one are we working on now? So that we don't keep jumping from one box to the other.
The infected PC or the notebook? Because I hadn't noticed that we were doing Vista (yet).
Re: PC load: 100% again
Let's leave the notebook (Vista) aside... rather the PC, that one is in worse shape :-D
- Damned
Re: PC load: 100% again
Try to take a photo of that BSOD for me. I still need the "IRQL_NOT_LESS_OR_EQUAL" parameters.
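The STOP line quoted earlier in the thread already carries the four bug check arguments, so it can be decoded directly. The following is an added example, not part of the original posts: it parses that line and maps the arguments using Microsoft's documented meanings for bug check 0xA. The function names and the assumption of a 32-bit system with the default 2 GB user/kernel split are mine.

```python
import re

# Line as typed in the thread (irregular spacing preserved).
SAMPLE_STOP_LINE = "STOP: 0x0000000A (0x00000000,0x00000002, 0x00000001, 0x804F9D36)"

# x86 IRQL values relevant to this bug check.
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

STOP_RE = re.compile(
    r"STOP:\s*(0x[0-9A-Fa-f]+)\s*\(\s*((?:0x[0-9A-Fa-f]+\s*,?\s*){4})\)"
)


def parse_stop(line):
    """Return (bug_check_code, [p1, p2, p3, p4]) from a BSOD STOP line."""
    m = STOP_RE.search(line)
    if not m:
        raise ValueError("no STOP code with four parameters found")
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in re.findall(r"0x[0-9A-Fa-f]+", m.group(2))]
    return code, params


def decode_0a(line):
    """Interpret the arguments of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    code, (addr, irql, access, ip) = parse_stop(line)
    if code != 0x0A:
        raise ValueError("not bug check 0xA: 0x%X" % code)
    if access & 0x8:
        operation = "execute"
    else:
        operation = "write" if access & 0x1 else "read"
    return {
        "referenced_address": addr,           # arg 1: memory that was touched
        "null_region": addr < 0x10000,        # first 64 KB is never mapped
        "irql": IRQL_NAMES.get(irql, "IRQL %d" % irql),  # arg 2
        "operation": operation,               # arg 3
        "faulting_instruction": ip,           # arg 4
        # Assumption: 32-bit Windows, default split (kernel >= 0x80000000).
        "instruction_in_kernel_space": ip >= 0x80000000,
    }


if __name__ == "__main__":
    for key, value in decode_0a(SAMPLE_STOP_LINE).items():
        print(key, "=", hex(value) if key.endswith(("address", "instruction")) else value)
```

The instruction address alone does not name the module at fault; that takes the driver list shown on the blue screen or a minidump, which is why a photo of the screen is useful.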