User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted: 21.12.2009 20:33

Hello, today I removed Avast! 4.8 Home Edition from my system and replaced it with Avira. When I open Task Manager it shows 50% CPU load, and the temperature has risen to as much as 48°C. And that is with the computer just switched on and nothing running??????
Before, with Avast, I had only a few % CPU load and a temperature of around 35°C.
I scanned the PC after updating Avira, and it found nothing.
What could be causing the increased CPU load and the higher temperature?
Thanks for every observation and piece of advice :)


Experienced user
Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Posted: 21.12.2009 20:43

A million reasons, from software conflicts between individual programs, through a temporary increase in load because of updates etc., to the AV simply not agreeing with your machine - it happens ;)


User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 21.12.2009 21:02

I only swapped the antivirus and that was all. The PC is idle, I have nothing running, and these temperatures and this load don't seem right to me. It's probably that Avira didn't suit my PC, I guess it got used to Avast :D


Honorary member
Registered: 08.01.09
Posts: 27825
Topics: 149
Location: Sládkovičovo
Posted: 21.12.2009 21:08

try cleaning the registry - ccleaner + free registry cleaner, and then try again from scratch







_________________
book: HP Probook 470 G0, cpu: i5-3230M, gpu: intel HD 4000 + amd HD 8750m, ram: 8GB ddr3, ssd samsung 850 evo 250GB + ssd crucial m4 128GB, os: Win 10 Pro 64bit
Phone: Samsung Galaxy S8 black 64GB
Car: Ford S-Max 1.8 TDCi @ 160 PS
I don't provide advice via private messages, because you are wearing me out with so many PMs; keep it on the forum, thank you for understanding
User
Registered: 12.10.06
Last login: 25.04.24
Posts: 20312
Topics: 79
Location: Banska Byst...
Posted: 21.12.2009 23:45

I'd be interested to know how he worked out that it is Avira in particular that is eating the CPU. After all, why bother looking in Task Manager, right?







_________________
Ryzen 7 3700X | SilentiumPC Fera 3 | Asrock X570M Pro4 | Patriot Viper 4 Blackout 16GB DDR4-3600 CL17 | Gainward RTX4060 Ti Pegasus 8GB | Samsung 970evo Plus 250GB NVMe | Corsair MP510 1TB NVMe | Samsung 980 Pro 2TB NVMe | Corsair RM550x | 32" Samsung ViewFinity S60UA | 3x Noctua NF-S12B redux 1200 PWM
Xiaomi Mi 9 Lite 64GB
User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 22.12.2009 16:09

I was looking right in Task Manager, which is where I saw that the CPU is so loaded, and at the temperature in Speedfan. And I have 2 applications running: Avira, Speedfan. The number of processes is about the same as usual, give or take. But as I wrote, after installing Avira these values went up (load and temperature). With Avast I didn't have this...


Experienced user
Registered: 22.03.07
Last login: 23.06.23
Posts: 2096
Topics: 15
Location: Bratislava V
Posted: 22.12.2009 16:21

We already know that. If your processor is under load, you are supposed to look in Task Manager at WHICH SPECIFIC process is loading it. If it is one of Avira's processes, find out whether an update or a scheduled scan is running at that moment.







_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 22.12.2009 17:10

How do I find out which specific process is loading my CPU??? Couldn't it be because AntiVir Guard is activated, i.e. that Avira is constantly checking whether some virus is attacking my computer or something???


Experienced user
Registered: 22.03.07
Last login: 23.06.23
Posts: 2096
Topics: 15
Location: Bratislava V
Posted: 22.12.2009 17:28

Guard is the standard resident protection. No AV can do without it. You can find the specific process in Task Manager, on the Processes tab, in the CPU column next to each process.







User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 22.12.2009 18:48

I found it and it is: System Idle Process - SYSTEM - 49 to 51% - 28 Kb of memory in use.
What does that mean for me????
Should I remove it, or does the problem lie somewhere else??? :)


User
Registered: 06.07.08
Last login: 13.01.24
Posts: 2369
Topics: 134
Posted: 22.12.2009 19:24

Read it.. System Idle Process.. what is idleness?
I bet your Avast wasn't removed properly :)


User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 22.12.2009 19:42

I removed Avast via Add or Remove Programs, deleted the folder that was left in Program Files, restarted the computer, and then started installing Avira, and restarted again.
System Idle Process, I don't know what that is; I have never noticed it in Task Manager and I don't know what it is supposed to be. Should I end this process??? Won't I break anything by doing so??? Because it is only for this one that I have 50% CPU load...


Experienced user
Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Posted: 22.12.2009 21:43

System Idle Process reaches 99% on my machine. How is that possible and why is it so? Well, because, as a colleague already said above, it is IDLENESS. Under this process you see idleness expressed as a percentage ;)

Which other process is eating the most?


User
Registered: 27.05.09
Last login: 19.09.21
Posts: 374
Topics: 27
Posted: 23.12.2009 10:37

shiro wrote:
I'd be interested to know how he worked out that it is Avira in particular that is eating the CPU. After all, why bother looking in Task Manager, right?

damn, what clever advice you give here. don't play the big shot, the guy is asking, so why are you nagging. you think you have more blue squares, so what


User
Registered: 06.07.08
Last login: 13.01.24
Posts: 2369
Topics: 134
Posted: 23.12.2009 11:16

OK, check in Task Manager whether there isn't an Avast process or some other AV somewhere.... or don't you have another security solution? Post a log from HijackThis - http://www.pcforum.sk/cistime-napadnuty-pocitac-vt54491.html


User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 23.12.2009 16:10

I currently use Avira; until now it was Avast! 4.8 Home Edit., Spybot-S&D, Ad-Aware. The next process that is loading the CPU is: svchost.exe 48-50%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:39, on 23.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM17.tmp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 8159 bytes


User
Registered: 06.07.08
Last login: 13.01.24
Posts: 2369
Topics: 134
Posted: 23.12.2009 16:25

Well, I can still see Ad-Aware and Spybot running there.... I would get rid of those.... hm?


Experienced user
Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Posted: 23.12.2009 22:41

And I see vermin there, including the scumbag that has attached itself to ServiceHost and is driving your CPU sky-high.

Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident components of the antivirus, antispyware and firewall. Run the program under an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix has created the log, don't click on anything, don't press anything !!
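
A triage pass over the autostart (O4) section of the HijackThis log posted earlier in the thread, as an added example that is not part of any forum post: it parses the registry Run and Startup-folder lines and flags entries that deserve a closer look. The sample lines are copied from that log; the three heuristics (temp-directory path, unexpected image extension, bare executable in a Startup folder) are assumptions chosen for this illustration, not HijackThis features and not the reasoning of the people replying.

```python
import re
from typing import NamedTuple

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM17.tmp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


class Autorun(NamedTuple):
    location: str  # registry Run key or Startup folder
    name: str      # registry value name or file name in the folder
    command: str   # what is launched at logon


# "O4 - HKLM\..\Run: [name] command"
REG_RE = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "O4 - Startup: file" or "O4 - Global Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<rest>.*)$")
# Launched image: text up to the first 2-4 character extension that is
# followed by a quote, whitespace, comma or end of line.
IMAGE_RE = re.compile(r'^"?(?P<image>.+?\.(?P<ext>[A-Za-z0-9]{2,4}))(?=["\s,]|$)')

# Assumed triage heuristics for this example (prompts for review, not verdicts).
EXPECTED_EXT = {"exe", "dll", "lnk", "bat", "cmd"}
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_o4(log: str) -> list[Autorun]:
    """Extract autostart entries from the O4 lines of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            entries.append(Autorun(m["loc"], m["name"], m["cmd"]))
            continue
        m = STARTUP_RE.match(line)
        if m:
            # Shortcuts are logged as "name = target"; other files by name only.
            name, sep, target = m["rest"].partition(" = ")
            entries.append(Autorun(m["loc"], name, target if sep else name))
    return entries


def triage(entry: Autorun) -> list[str]:
    """Return the reasons (possibly none) why an entry should be reviewed."""
    reasons = []
    if TEMP_DIR_RE.search(entry.command):
        reasons.append("launches from a temp directory")
    m = IMAGE_RE.match(entry.command)
    ext = m["ext"].lower() if m else ""
    if ext not in EXPECTED_EXT:
        reasons.append(f"unexpected image extension '.{ext}'")
    if entry.location.endswith("Startup") and entry.name.lower().endswith(".exe"):
        reasons.append("executable placed directly in a Startup folder, not a shortcut")
    return reasons


def suspicious_autoruns(log: str) -> dict[str, list[str]]:
    """Map entry name -> reasons, for entries with at least one reason."""
    return {e.name: r for e in parse_o4(log) if (r := triage(e))}


if __name__ == "__main__":
    for name, reasons in suspicious_autoruns(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a reason to inspect the file on disk and its origin; an unflagged one is not thereby proven clean.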


User
Registered: 06.07.08
Last login: 13.01.24
Posts: 2369
Topics: 134
Posted: 23.12.2009 22:48

see what lovely cooperation? And how about writing what it is, where it is and how it is? So that I know too?


User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 24.12.2009 13:48

That combofix ran for about an hour and three quarters for me; I only went with the demo because it asked me for a licence key. It created some aaw7boot.txt for me.

================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-19 14:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-19 21:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-20 09:34


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-20 10:15


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 13:38


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 13:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 15:08


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 15:19


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 15:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 19:11


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-22 14:42


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-23 14:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-23 19:51


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-24 10:14


??????????


User
Registered: 14.11.08
Last login: 02.07.20
Posts: 8758
Topics: 197
Location: Moldava nad...
Posted: 24.12.2009 20:11

How do you turn off those pop-up ads in Avira? pls advise, thanks







_________________
NoteBook: Toshiba Satellite c855-212
Car:
Škoda Superb 2 Combi Phone: Xiaomi Redmi 5
Experienced user
Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Posted: 24.12.2009 20:36

This is definitely not a log from ComboFix. If you want help getting rid of that mess, the instructions are above. If not, I'm sorry.

@Jeffo696: By buying the full version :)
Take it as a small tax for the free use of what is essentially a top-notch AV.


User
Registered: 14.11.08
Last login: 02.07.20
Posts: 8758
Topics: 197
Location: Moldava nad...
Posted: 24.12.2009 21:47

No no, it can be turned off somewhere via the log, it has been posted here somewhere already, but I can't find it







User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by the topic author: 25.12.2009 10:14

The log is here. I did it in a hurry and it was a stupid mistake. Combofix log:

ComboFix 09-12-23.02 - Biker 25.12.2009 9:55.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1596 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Biker\Application Data\avdrn.dat
c:\documents and settings\Biker\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\Data
c:\windows\system32\vidx16.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-24 10:34 . 2009-12-24 10:34 -------- d-----w- c:\program files\R-Studio
2009-12-24 10:20 . 2006-12-19 15:53 24072 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-24 10:20 . 2009-12-24 10:21 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-12-23 15:03 . 2009-12-23 15:03 -------- d-----w- c:\program files\Trend Micro
2009-12-21 15:31 . 2009-12-22 15:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-21 15:31 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 15:31 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 15:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\program files\Avira
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-21 13:58 . 2009-12-21 13:58 61440 ----a-r- c:\documents and settings\Biker\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
2009-12-21 13:39 . 2009-12-25 09:08 704512 ----a-w- c:\windows\system32\drivers\iwuxav.sys
2009-12-20 13:56 . 2009-12-20 13:56 -------- d-----w- c:\documents and settings\Biker\Application Data\dvdcss
2009-12-20 12:36 . 2009-12-20 12:39 -------- d-----w- c:\program files\Doom 3
2009-12-20 11:19 . 2009-12-20 12:16 967 ----a-w- c:\windows\ScUnin.pif
2009-12-20 11:19 . 2009-12-20 12:16 94208 ----a-w- c:\windows\ScUnin.exe
2009-12-20 11:19 . 2009-12-20 12:16 35382 ----a-w- c:\windows\scunin.dat
2009-12-20 11:16 . 2009-12-20 12:16 -------- d-----w- c:\program files\Starcraft
2009-12-19 13:41 . 2009-10-29 10:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-17 16:10 . 2009-12-17 16:10 -------- d-----w- C:\DriveKey
2009-12-15 18:52 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-12-15 18:52 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-12-15 18:52 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-12-15 18:52 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-12-15 18:52 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-12-15 18:52 . 2009-12-15 18:52 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-12-15 18:52 . 2009-12-15 18:52 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-12-15 18:49 . 2009-12-15 18:57 -------- d-----w- C:\Truckrace
2009-12-15 18:48 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2009-12-15 18:48 . 2009-12-15 18:48 -------- d-----w- c:\documents and settings\Biker\WINDOWS
2009-12-12 22:07 . 2009-12-12 22:07 -------- d--h--w- c:\windows\PIF
2009-12-11 09:58 . 2009-12-11 09:58 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 16:48 . 2009-12-24 10:23 -------- d-----w- c:\program files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 23:30 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\Biker\Application Data\Skype
2009-12-24 23:09 . 2009-10-29 10:14 -------- d-----w- c:\documents and settings\Biker\Application Data\skypePM
2009-12-24 10:49 . 2009-10-29 10:06 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-24 10:49 . 2009-10-29 10:06 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-24 10:49 . 2009-10-29 10:06 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-24 10:49 . 2009-10-29 10:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-24 10:49 . 2009-10-29 10:06 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-24 10:49 . 2009-10-29 10:06 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-24 10:48 . 2009-10-29 10:06 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-24 10:48 . 2009-10-29 10:06 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-24 10:48 . 2009-10-29 10:06 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-24 10:48 . 2009-10-29 10:06 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-24 10:48 . 2009-10-29 10:06 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-24 10:48 . 2009-10-29 10:06 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-24 10:48 . 2009-10-29 10:06 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-24 10:20 . 2009-10-28 09:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 17:17 . 2009-10-28 09:50 -------- d-----w- c:\program files\Opera
2009-12-21 13:39 . 2009-12-21 13:39 16 ----a-w- c:\documents and settings\Biker\Application Data\fvgqad.dat
2009-12-20 14:02 . 2009-11-24 10:17 -------- d-----w- c:\documents and settings\Biker\Application Data\vlc
2009-12-19 22:59 . 2009-10-31 23:20 -------- d-----w- c:\program files\HappyFoto
2009-12-19 08:36 . 2009-10-29 09:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 08:35 . 2009-10-29 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-17 16:10 . 2009-10-28 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 15:28 . 2009-12-12 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----r- c:\program files\Skype
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-09 08:13 . 2009-10-28 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 16:23 . 2009-10-31 18:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-12-03 17:30 . 2009-10-28 09:27 521376 ----a-w- c:\documents and settings\Biker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 16:50 . 2009-10-28 10:27 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-12-03 16:38 . 2009-10-29 10:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-03 16:38 . 2009-10-31 15:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-26 10:48 . 2009-10-29 10:06 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-26 10:48 . 2009-10-29 10:06 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-26 10:48 . 2009-10-29 10:06 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-26 10:48 . 2009-10-29 10:06 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-24 10:17 . 2009-11-24 10:17 -------- d-----w- c:\program files\VideoLAN
2009-11-24 09:56 . 2009-11-24 09:56 -------- d-----w- c:\program files\MSECache
2009-11-22 12:02 . 2009-11-22 12:00 -------- d-----w- c:\program files\Software Informer
2009-11-22 11:07 . 2009-11-01 10:45 -------- d-----w- c:\documents and settings\Biker\Application Data\PC Suite
2009-11-12 09:23 . 2009-10-28 09:07 -------- d-----w- c:\program files\Creative
2009-11-12 09:22 . 2009-11-12 09:22 -------- d-----w- c:\program files\Common Files\Creative
2009-11-12 09:22 . 2009-10-28 10:08 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-11 20:27 . 2009-11-11 20:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-11-06 16:16 . 2009-11-06 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-06 16:15 . 2009-11-01 10:42 -------- d-----w- c:\program files\MSBuild
2009-11-05 17:59 . 2009-11-05 17:59 -------- d-----w- c:\documents and settings\Biker\Application Data\CyberLink
2009-11-05 17:58 . 2009-11-05 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-05 17:57 . 2009-11-05 17:57 -------- d-----w- c:\program files\CyberLink
2009-11-02 18:56 . 2009-11-02 18:56 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-11-02 16:09 . 2009-10-28 08:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-01 12:16 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-01 12:15 . 2009-11-01 10:45 -------- d-----w- c:\program files\Nokia
2009-11-01 12:15 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-01 11:41 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\Biker\Application Data\Nokia
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-01 11:36 . 2009-11-01 10:45 -------- d-----w- c:\program files\DIFX
2009-11-01 11:36 . 2009-11-01 11:36 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-01 11:36 . 2009-11-01 11:36 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-01 11:36 . 2009-11-01 11:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-01 11:35 . 2009-11-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-01 11:34 . 2009-11-01 11:36 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-01 11:03 . 2009-11-01 11:01 -------- d-----w- c:\documents and settings\Biker\Application Data\NSeries
2009-11-01 11:02 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-11-01 11:00 . 2009-11-01 11:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-01 10:40 . 2009-11-01 10:40 -------- d-----w- c:\program files\Reference Assemblies
2009-10-31 23:20 . 2009-10-31 23:20 -------- d-----w- c:\documents and settings\Biker\Application Data\Happy Foto
2009-10-31 18:29 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 18:28 . 2009-10-31 18:28 -------- d-----w- c:\program files\Futuremark
2009-10-31 18:19 . 2009-10-31 15:47 -------- d-----w- c:\program files\Uniblue
2009-10-31 18:06 . 2009-10-28 09:11 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-31 17:51 . 2009-10-31 17:51 -------- d-----w- c:\program files\oZone3D
2009-10-31 16:50 . 2009-10-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-10-31 16:48 . 2009-10-31 16:48 -------- d-----w- c:\program files\OpenAL
2009-10-31 16:48 . 2009-10-31 16:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 16:36 . 2009-10-31 16:36 -------- d-----w- c:\program files\Codemasters
2009-10-31 15:53 . 2009-10-31 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-31 15:52 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\Biker\Application Data\Uniblue
2009-10-30 18:28 . 2009-10-29 10:11 -------- d-----w- c:\documents and settings\Biker\Application Data\ICQ
2009-10-30 09:39 . 2009-10-29 10:10 -------- d-----w- c:\program files\ICQ6.5
2009-10-29 20:26 . 2009-10-29 20:26 -------- d-----w- c:\documents and settings\Biker\Application Data\Apple Computer
2009-10-29 11:12 . 2009-10-29 11:09 54743966 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource Player_Organizer 3.30.21__\CMS_PCAPP_LB_3_30_21.exe
2009-10-29 11:09 . 2009-10-29 11:07 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-10-29 11:02 . 2009-10-29 11:01 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 10:48 . 2009-10-29 10:06 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 10:48 . 2009-10-29 10:48 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 10:48 . 2009-10-29 10:48 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 10:48 . 2009-10-29 10:48 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 10:48 . 2009-10-29 10:48 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 10:34 . 2009-10-28 08:40 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-29 10:34 . 2009-10-28 08:40 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-29 10:17 . 2009-10-29 10:17 -------- d-----w- c:\program files\MSXML 4.0
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-24 788880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-30 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.10.2009 10:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.12.2009 16:31 108289]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.10.2009 11:11 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 10:35 717296]
S3 cpuz130;cpuz130;\??\c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]

--- Other Services/Drivers In Memory ---

*Deregistered* - iwuxav

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} - c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iwuxav]

.
Completion time: 2009-12-25 10:09:13
ComboFix-quarantined-files.txt 2009-12-25 09:09

Pre-Run: 90 800 398 336 bytes free
Post-Run: 12 adresárov, 90 875 883 520 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 553F7A541EDCF93E8D843D021C169CDD


Offline

User

Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Post written by the topic author: 25.12.2009 10:57

After this cleanup that process no longer loads my CPU to 50%. It disappeared after ComboFix!!! :D Great, and my CPU temperature also dropped from 48-50°C to 35-38°C. Now my CPU load is about 3%, as before.
Back then even my games were stuttering; now everything runs smoothly.

Thanks, "pitimir", for the help.

P.S. What did you read from that log??? When ComboFix was starting, it popped up 2 boxes, something about Avira... I followed what was written there.
???


Offline

Experienced user

Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Post written: 25.12.2009 11:28

1) What was nonsense?

And you need to read the instructions properly; CF was supposed to be on the desktop.


2) You still have a rootkit left there:

Move the CF icon to the desktop, close all open applications, turn off the resident antivirus and antispyware shields and the firewall, and open Notepad. Copy the following into it:

Code:
KillAll::
Rootkit::
c:\windows\system32\drivers\iwuxav.sys

Driver::
iwuxav
ICQ Service

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iwuxav]

Folder::
c:\program files\ICQ6Toolbar

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.


Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
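
One way to check a follow-up log against the CFScript above (an added example, not part of the original post and not ComboFix's own code): it parses the script's directives and the log's `((( ... )))` sections, then reports which targets the log shows as handled. The sample log is constructed and shortened, following the layout of the logs on this page; the matching rules (case-insensitive names, underscores in `Legacy_` entries standing for spaces) are assumptions.

```python
import re

# CFScript exactly as given in the post above.
CFSCRIPT = r"""KillAll::
Rootkit::
c:\windows\system32\drivers\iwuxav.sys

Driver::
iwuxav
ICQ Service

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iwuxav]

Folder::
c:\program files\ICQ6Toolbar
"""

# Constructed sample: a shortened log in the layout of the ComboFix logs on this page.
SAMPLE_LOG = r"""ComboFix 09-12-23.02 - Biker 25.12.2009 19:15:45.2.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\ICQ Service.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_IWUXAV
-------\Service_ICQ Service
-------\Service_iwuxav

((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.
2009-12-24 10:34 . 2009-12-24 10:34 -------- d-----w- c:\program files\R-Studio
"""

BANNER_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")      # ((((( Title )))))
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")              # Driver::, Folder::, ...
SERVICE_RE = re.compile(r"^-+\\(?:Service|Legacy)_(.+)$")  # -------\Service_iwuxav


def norm(name):
    """Assumed normalisation: ignore case, treat '_' and ' ' as the same."""
    return name.lower().replace("_", " ")


def parse_cfscript(text):
    """Return {directive: [entries]}; a directive with no entries maps to []."""
    out, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line)
    return out


def parse_log_sections(text):
    """Return {banner title: [lines]}, skipping blank lines and lone '.' separators."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify(script_text, log_text):
    """Return [(directive, target, ok)] comparing script targets with the log."""
    script = parse_cfscript(script_text)
    sections = parse_log_sections(log_text)
    deleted = {l.lower() for l in sections.get("other deletions", [])}
    services = {norm(m.group(1)) for l in sections.get("drivers/services", [])
                if (m := SERVICE_RE.match(l))}
    results = []
    for kind in ("rootkit", "folder"):       # paths: expect them under Other Deletions
        for path in script.get(kind, []):
            results.append((kind, path, path.lower() in deleted))
    for name in script.get("driver", []):    # names: expect them under Drivers/Services
        results.append(("driver", name, norm(name) in services))
    for entry in script.get("registry", []): # "[-KEY]": ok if the key is no longer printed
        if entry.startswith("[-"):
            key = "[" + entry[2:]
            results.append(("registry", entry, key.lower() not in log_text.lower()))
    return results


if __name__ == "__main__":
    for kind, target, ok in verify(CFSCRIPT, SAMPLE_LOG):
        print(f"{'OK     ' if ok else 'CHECK  '}{kind:9}{target}")
```

A `CHECK` on the `Rootkit::` path only means the file is not in the log's deletion list; it says nothing about whether the file was ever present on disk.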


Offline

User

Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Post written by the topic author: 25.12.2009 19:28

Well, hopefully the third time's the charm...

ComboFix 09-12-23.02 - Biker 25.12.2009 19:15:45.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1698 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\Biker\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_IWUXAV
-------\Service_ICQ Service
-------\Service_iwuxav


((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-24 10:34 . 2009-12-24 10:34 -------- d-----w- c:\program files\R-Studio
2009-12-24 10:20 . 2006-12-19 15:53 24072 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-24 10:20 . 2009-12-24 10:21 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-12-23 15:03 . 2009-12-23 15:03 -------- d-----w- c:\program files\Trend Micro
2009-12-21 15:31 . 2009-12-22 15:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-21 15:31 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 15:31 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 15:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\program files\Avira
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-21 13:58 . 2009-12-21 13:58 61440 ----a-r- c:\documents and settings\Biker\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
2009-12-20 13:56 . 2009-12-20 13:56 -------- d-----w- c:\documents and settings\Biker\Application Data\dvdcss
2009-12-20 12:36 . 2009-12-20 12:39 -------- d-----w- c:\program files\Doom 3
2009-12-20 11:19 . 2009-12-20 12:16 967 ----a-w- c:\windows\ScUnin.pif
2009-12-20 11:19 . 2009-12-20 12:16 94208 ----a-w- c:\windows\ScUnin.exe
2009-12-20 11:19 . 2009-12-20 12:16 35382 ----a-w- c:\windows\scunin.dat
2009-12-20 11:16 . 2009-12-20 12:16 -------- d-----w- c:\program files\Starcraft
2009-12-19 13:41 . 2009-10-29 10:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-17 16:10 . 2009-12-17 16:10 -------- d-----w- C:\DriveKey
2009-12-15 18:52 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-12-15 18:52 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-12-15 18:52 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-12-15 18:52 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-12-15 18:52 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-12-15 18:52 . 2009-12-15 18:52 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-12-15 18:52 . 2009-12-15 18:52 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-12-15 18:49 . 2009-12-15 18:57 -------- d-----w- C:\Truckrace
2009-12-15 18:48 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2009-12-15 18:48 . 2009-12-15 18:48 -------- d-----w- c:\documents and settings\Biker\WINDOWS
2009-12-12 22:07 . 2009-12-12 22:07 -------- d--h--w- c:\windows\PIF
2009-12-11 09:58 . 2009-12-11 09:58 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 16:48 . 2009-12-25 16:44 -------- d-----w- c:\program files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 13:47 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\Biker\Application Data\Skype
2009-12-25 11:11 . 2009-10-29 10:14 -------- d-----w- c:\documents and settings\Biker\Application Data\skypePM
2009-12-24 10:49 . 2009-10-29 10:06 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-24 10:49 . 2009-10-29 10:06 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-24 10:49 . 2009-10-29 10:06 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-24 10:49 . 2009-10-29 10:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-24 10:49 . 2009-10-29 10:06 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-24 10:49 . 2009-10-29 10:06 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-24 10:48 . 2009-10-29 10:06 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-24 10:48 . 2009-10-29 10:06 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-24 10:48 . 2009-10-29 10:06 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-24 10:48 . 2009-10-29 10:06 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-24 10:48 . 2009-10-29 10:06 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-24 10:48 . 2009-10-29 10:06 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-24 10:48 . 2009-10-29 10:06 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-24 10:20 . 2009-10-28 09:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 17:17 . 2009-10-28 09:50 -------- d-----w- c:\program files\Opera
2009-12-21 13:39 . 2009-12-21 13:39 16 ----a-w- c:\documents and settings\Biker\Application Data\fvgqad.dat
2009-12-20 14:02 . 2009-11-24 10:17 -------- d-----w- c:\documents and settings\Biker\Application Data\vlc
2009-12-19 22:59 . 2009-10-31 23:20 -------- d-----w- c:\program files\HappyFoto
2009-12-19 08:36 . 2009-10-29 09:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 08:35 . 2009-10-29 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-17 16:10 . 2009-10-28 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 15:28 . 2009-12-12 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----r- c:\program files\Skype
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-09 08:13 . 2009-10-28 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 16:23 . 2009-10-31 18:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-12-03 17:30 . 2009-10-28 09:27 521376 ----a-w- c:\documents and settings\Biker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 16:50 . 2009-10-28 10:27 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-12-03 16:38 . 2009-10-29 10:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-03 16:38 . 2009-10-31 15:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-26 10:48 . 2009-10-29 10:06 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-26 10:48 . 2009-10-29 10:06 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-26 10:48 . 2009-10-29 10:06 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-26 10:48 . 2009-10-29 10:06 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-24 10:17 . 2009-11-24 10:17 -------- d-----w- c:\program files\VideoLAN
2009-11-24 09:56 . 2009-11-24 09:56 -------- d-----w- c:\program files\MSECache
2009-11-22 12:02 . 2009-11-22 12:00 -------- d-----w- c:\program files\Software Informer
2009-11-22 11:07 . 2009-11-01 10:45 -------- d-----w- c:\documents and settings\Biker\Application Data\PC Suite
2009-11-12 09:23 . 2009-10-28 09:07 -------- d-----w- c:\program files\Creative
2009-11-12 09:22 . 2009-11-12 09:22 -------- d-----w- c:\program files\Common Files\Creative
2009-11-12 09:22 . 2009-10-28 10:08 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-11 20:27 . 2009-11-11 20:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-11-06 16:16 . 2009-11-06 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-06 16:15 . 2009-11-01 10:42 -------- d-----w- c:\program files\MSBuild
2009-11-05 17:59 . 2009-11-05 17:59 -------- d-----w- c:\documents and settings\Biker\Application Data\CyberLink
2009-11-05 17:58 . 2009-11-05 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-05 17:57 . 2009-11-05 17:57 -------- d-----w- c:\program files\CyberLink
2009-11-02 18:56 . 2009-11-02 18:56 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-11-02 16:09 . 2009-10-28 08:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-01 12:16 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-01 12:15 . 2009-11-01 10:45 -------- d-----w- c:\program files\Nokia
2009-11-01 12:15 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-01 11:41 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\Biker\Application Data\Nokia
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-01 11:36 . 2009-11-01 10:45 -------- d-----w- c:\program files\DIFX
2009-11-01 11:36 . 2009-11-01 11:36 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-01 11:36 . 2009-11-01 11:36 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-01 11:36 . 2009-11-01 11:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-01 11:35 . 2009-11-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-01 11:34 . 2009-11-01 11:36 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-01 11:03 . 2009-11-01 11:01 -------- d-----w- c:\documents and settings\Biker\Application Data\NSeries
2009-11-01 11:02 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-11-01 11:00 . 2009-11-01 11:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-01 10:40 . 2009-11-01 10:40 -------- d-----w- c:\program files\Reference Assemblies
2009-10-31 23:20 . 2009-10-31 23:20 -------- d-----w- c:\documents and settings\Biker\Application Data\Happy Foto
2009-10-31 18:29 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 18:28 . 2009-10-31 18:28 -------- d-----w- c:\program files\Futuremark
2009-10-31 18:19 . 2009-10-31 15:47 -------- d-----w- c:\program files\Uniblue
2009-10-31 18:06 . 2009-10-28 09:11 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-31 17:51 . 2009-10-31 17:51 -------- d-----w- c:\program files\oZone3D
2009-10-31 16:50 . 2009-10-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-10-31 16:48 . 2009-10-31 16:48 -------- d-----w- c:\program files\OpenAL
2009-10-31 16:48 . 2009-10-31 16:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 16:36 . 2009-10-31 16:36 -------- d-----w- c:\program files\Codemasters
2009-10-31 15:53 . 2009-10-31 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-31 15:52 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\Biker\Application Data\Uniblue
2009-10-30 18:28 . 2009-10-29 10:11 -------- d-----w- c:\documents and settings\Biker\Application Data\ICQ
2009-10-30 09:39 . 2009-10-29 10:10 -------- d-----w- c:\program files\ICQ6.5
2009-10-29 20:26 . 2009-10-29 20:26 -------- d-----w- c:\documents and settings\Biker\Application Data\Apple Computer
2009-10-29 11:12 . 2009-10-29 11:09 54743966 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource Player_Organizer 3.30.21__\CMS_PCAPP_LB_3_30_21.exe
2009-10-29 11:09 . 2009-10-29 11:07 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-10-29 11:02 . 2009-10-29 11:01 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 10:48 . 2009-10-29 10:06 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 10:48 . 2009-10-29 10:48 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 10:48 . 2009-10-29 10:48 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 10:48 . 2009-10-29 10:48 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 10:48 . 2009-10-29 10:48 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 10:34 . 2009-10-28 08:40 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-29 10:34 . 2009-10-28 08:40 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-29 10:17 . 2009-10-29 10:17 -------- d-----w- c:\program files\MSXML 4.0
.

((((((((((((((((((((((((((((( SnapShot@2009-12-25_09.08.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-27 12:00 . 2009-12-25 08:56 67312 c:\windows\system32\perfc009.dat
+ 2007-07-27 12:00 . 2009-12-25 18:18 67312 c:\windows\system32\perfc009.dat
+ 2007-07-27 12:00 . 2009-12-25 18:18 432356 c:\windows\system32\perfh009.dat
- 2007-07-27 12:00 . 2009-12-25 08:56 432356 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-24 788880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-30 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.10.2009 10:42 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 10:35 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.12.2009 16:31 108289]
S3 cpuz130;cpuz130;\??\c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 19:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsh.sys >>UNKNOWN [0x8A3FE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9ce8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9bdebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9bcda0d
SendHandler -> NDIS.sys @ 0xb9be1b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-25 19:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-25 18:23
ComboFix2.txt 2009-12-25 09:09

Pre-Run: 90 696 183 808 bytes free
Post-Run: 12 adresárov, 90 609 512 448 voľných bajtov

- - End Of File - - 78224814943D60D673EAB5B0D81C7DC8


Is it OK now?????


Experienced user
Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Posted: 26.12.2009 19:08

One more thing :)

1) Download Defogger. Run it, click "Disable" -> "OK". A log should appear in the location you ran it from; paste it here.


2) Start -> Run -> (type) cmd /c mbr.exe -t >log.txt&start log.txt
A text file (log.txt) will open; copy its contents here as well.


User
Registered: 14.01.09
Last login: 12.07.21
Posts: 282
Topics: 34
Location: Košice
Posted by topic author: 27.12.2009 12:38

1)
defogger_disable by jpshortstuff (28.11.09.2)
Log created at 12:27 on 27/12/2009 (Biker)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

2)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


Is my PC OK now??? Am I rid of the rootkit, or what was actually wrong with it, or infected, and with what??? :)


Experienced user
Registered: 15.08.09
Last login: 05.02.10
Posts: 355
Topics: 0
Posted: 27.12.2009 13:41

It's OK now.

1) Let's finish cleaning up:

  • Uninstall Combofix:
    Start -> Run -> (type) combofix /uninstall

  • Use T-Cleaner (if the antivirus flags it as junk, there's nothing to worry about, it's just the AV program's paranoia).
  • Use TFC (run the program and click "Start". Note: the PC may be restarted).



2) Post the log from HJT.

In case anything is unclear, the guide is >>here<<.

