HDD po restarte

Dobry den,
precital som si par rad, ale ziadna mi nepomaha:(

po restarte PC, nabehne system XP v poriadku, len na systemovej casti ako keby sa nieco deje, co spomaluje pc, cca 10-15 min sa hdd ukludni

ten zvuk co ten disk vydava je ako pri defragmentacii/scandisku... prosim poradte ako to vyriesit... skusal som i CHKNTFS /X C: ale neako nezabera:(

dakujem

Windows Vista?Pokud ano,je to normální.

ee, Windows XP

Najskor mas napadnute pc..
Pre zaciatok posli vypis z utility Hijackthis.
http://www.trendsecure.com/portal/en-US ... ckthis.php
Spusti [Scan a Save log] a potom cely obsah(Ctrl+A) skopirujes(Ctrl+C) a vloz(CTrl+V) sem do fora.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:43, on 29.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\APPs\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\UltraFXP\UltraFxp.exe
D:\APPs\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\APPs\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
E:\-.- MIRc -.-\mIRCescape3n\mirc.exe
D:\APPs\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
E:\-.- MIRc -.-\mircZzZz\mirc.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\@lfa\Local Settings\Temp\wzc363\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\APPs\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "D:\APPs\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AAWTray] D:\APPs\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\APPs\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\APPs\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\APPs\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPs\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\APPS\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\APPS\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3084506931
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\APPs\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\APPs\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6586 bytes

Skus stiahnuť utilitku filemon: http://technet.microsoft.com/en-us/sysi ... 96642.aspx , monitoruje aktivitu súborov na zvolených diskoch, nie je to žiadna zákerná utilitka od microsoftu , pôvodne je od sysinternals. No a hneď po štarte ju spusti a sleduj čo spôsobuje to zaťaženie disku.

pravidelne a najviac je to subor
services.exe:720 a robi asi toto:

services.exe:720 OPEN
services.exe:720 LOCK
services.exe:720 QUERY INFORMATION
services.exe:720 READ
services.exe:720 UNLOCK
services.exe:720 CLOSE

a tak to robi v ramci kazdeho diru na C:

OK, je tam aj ďaľšia položka, že "path" s ktorou aplikáciou pracuje najviac "services.exe"?

urobil som par pics

http://mujweb.cz/www/skgirl/sysinternal.JPG

http://mujweb.cz/www/skgirl/sysinternal2.JPG

"path" som neako nepochopil...

aham jup jasne aj path... viac na prilozenych oblazkoch... som vazne uz zufaly:(

1) Ak máš zapojené do USB nejaké Bluetooth zariadnie, vypni ho cez windows a odpoj fyzicky, reštart. Ak nie, prípadne nepomôže, bod:

2) Vypni sieť v "sieťových pripojeniach" -> "pripojenie k miestnej sieti" -> "vypnúť", reštart. Ak PC pôjde normálne, chybu budeme hľadať tam, ak nie, bod:

3) Stiahni: http://download.sysinternals.com/Files/ ... plorer.zip a pozri sa, aké procesy sú spustené hneď pod "services.exe", pokým bude vyťažený na 100% klikni hore na "file" -> "save as" a textovy vycus pastni sem.

1) nemam ziadne bluetooth
2) vypol som, po restarte znovu sa to zacalo chovat tak isto
3) stiahol a sputil som process explorer

Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a 0.97 Hardware Interrupts
DPCs n/a 0.97 Deferred Procedure Calls
System 4 0.97
smss.exe 888 Windows NT Session Manager Microsoft Corporation
csrss.exe 944 Client Server Runtime Process Microsoft Corporation
winlogon.exe 984 Windows NT Logon Application Microsoft Corporation
services.exe 1056 7.77 Services and Controller app Microsoft Corporation
svchost.exe 1332 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1380 86.41 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 2276 Automatic Updates Microsoft Corporation
svchost.exe 1436 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1672 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1892 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 2024 Spooler SubSystem App Microsoft Corporation
CTSVCCDA.EXE 340 Creative Service for CDROM Access Creative Technology Ltd
mdm.exe 420 Machine Debug Manager Microsoft Corporation
nvsvc32.exe 464 NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation
svchost.exe 592 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2008 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1068 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1912 2.91 Windows Explorer Microsoft Corporation
rundll32.exe 704 Run a DLL as an App Microsoft Corporation
jusched.exe 712 Java(TM) Platform SE binary Sun Microsystems, Inc.
soundman.exe 748 Realtek Sound Manager Realtek Semiconductor Corp.
realsched.exe 776 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 868 CTF Loader Microsoft Corporation
TeaTimer.exe 908 System settings protector Safer Networking Limited
RegistryBooster.exe 912 Uniblue Registry Booster Uniblue Software
WZQKPICK.EXE 936 WinZip Executable WinZip Computing LP
TOTALCMD.EXE 2220 Total Commander 32 bit international version, file manager replacement for Windows C. Ghisler & Co.
procexp.exe 2324 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

respektive cca po 5minutach vypis:

Process PID CPU Description Company Name
System Idle Process 0 44.66
Interrupts n/a 1.94 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 1.94
smss.exe 880 Windows NT Session Manager Microsoft Corporation
csrss.exe 936 Client Server Runtime Process Microsoft Corporation
winlogon.exe 976 Windows NT Logon Application Microsoft Corporation
services.exe 1048 38.83 Services and Controller app Microsoft Corporation
svchost.exe 1316 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1412 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1552 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3460 Automatic Updates Microsoft Corporation
svchost.exe 1608 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1716 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 220 Spooler SubSystem App Microsoft Corporation
CTSVCCDA.EXE 1488 Creative Service for CDROM Access Creative Technology Ltd
mdm.exe 1524 Machine Debug Manager Microsoft Corporation
nvsvc32.exe 1604 NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation
svchost.exe 1712 1.94 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2116 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1060 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 2020 0.97 Windows Explorer Microsoft Corporation
rundll32.exe 460 Run a DLL as an App Microsoft Corporation
jusched.exe 468 Java(TM) Platform SE binary Sun Microsystems, Inc.
soundman.exe 484 Realtek Sound Manager Realtek Semiconductor Corp.
realsched.exe 500 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 508 CTF Loader Microsoft Corporation
TeaTimer.exe 516 1.94 System settings protector Safer Networking Limited
RegistryBooster.exe 572 Uniblue Registry Booster Uniblue Software
WZQKPICK.EXE 668 WinZip Executable WinZip Computing LP
TOTALCMD.EXE 2608 Total Commander 32 bit international version, file manager replacement for Windows C. Ghisler & Co.
procexp.exe 2628 2.91 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MIRC.EXE 2772 0.97 mIRC mIRC Co. Ltd.
firefox.exe 2680 3.88 Firefox Mozilla Corporation
UltraFxp.exe 2700
DAMN_N~1.EXE 3572 DAMN NFO Viewer DAMN

Vždy pokroč na ďaľší bod ak nepomôže predošlí. Ak máš zapnutú funkciu "obnovovanie systému" môžeš vytvoriť bod obnovy pred menením nastavení.

1) Skús vypnúť "povoliť indexovanie pre tento disk" vo vlastnostiach toho konkrétneho disku ak to máš zapnuté, reštart. Ak to nepomôže, mal si to zapnuté a často ani nehľadáš súbory na disku tak to ani nezapínaj.

2) Skús úplne vypnúť automatické aktualizácie pre XP, reštart.

3) Choď do -> "štart" -> "spustiť" -> napíš: "services.msc" -> tam nájdi: "Nvidia Display Driver Service" -> "vlastnosti" -> "typ spustenia" -> "zakázať", reštart ako obyčajne.

4) Pri bootovaní XP stlač F8 a zvoľ núdzový režim, prejavuje sa symptóm?

Všetky body okrem 1. (ľubovoľne) a 4. vráť späť ak sa nič nezmení.

Skús si spomenúť aké zmeny (nastavenie, inštalácia...) si vykonal pred tým ako sa to začalo prejavovať... Ak žiadny z bodov nepomôže, nemôžeme vylúčiť infekciu PC.

Čakám na výsledok.

1) indexovanie som vypol ... zmena sa neprejavila
2) automaticke aktualizacie XP, mam vypnute cez Control Panel/Windows Security Center/ Automatic Updates (automatic updates is turned off) .. to je snad uplne
3) Nvidia som vypol ... zmena sa neprejavila
4) skusil som safe mode, a v tom mi to nerobi

inak som skusal i adware/spybot nieco nasli fixol som ale stale mi to robi to iste... zufalstvo je uz slaby pojem:(

a ved prave to, ja som v pc nic nemenil, ani nic som neinstaloval, a ako je mijasne ze samo od seba to zacat nemoze, ale s problemom si neviem dat rady... ju a mal som aj avast ani ten nic neporiesil...

Dobre, vylúčme nákazu ak tam nie je.

Otvor si Internet Explorer (ak používaš iný prehliadač) a pastni tam toto: http://www.pandasecurity.com/activescan ... &IdPais=63 , neregistruj sa. Vypni všetky programy ktoré nutne nepotrebuješ (okrem antivíru a firewallu) a daj "scan now". Bude to chvíľu trvať samozrejme, keď dokončí scan, vpravo hore sa objaví možnosť uložiť výsledok do textového súboru, ten si ulož a potom ho sem pastni.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-06 21:51:27
PROTECTIONS: 0
MALWARE: 22
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Cookies\@lfa@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.tribalfusion.com/]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.spylog.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.revenue.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.xiti.com/]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.hotlog.ru/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.toplist.cz/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.apmebf.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.advertising.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.realmedia.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Mozilla\Firefox\Profiles\7d32wkkr.default\cookies.txt[.adultfriendfinder.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\@lfa\Cookies\@lfa@atwola[1].txt
00513107 Trj/Ruins.IC Virus/Trojan No 1 Yes No C:\WINDOWS\system32\kdiju.exe
01143518 Trj/Downloader.OTR Virus/Trojan No 1 Yes No C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-a70697f-3a0d41e1.class
01143518 Trj/Downloader.OTR Virus/Trojan No 1 Yes No C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\6.0\40\2b2d8ee8-71f4c877
01143518 Trj/Downloader.OTR Virus/Trojan No 1 Yes No C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\6.0\8\36851408-2ac8bd1c
01143518 Trj/Downloader.OTR Virus/Trojan No 1 Yes No C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-37cb8dd2-3ba9f3ca.class
01942368 Exploit/Gimsh.A HackTools No 0 Yes No C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\6.0\3\785b6d83-7a132c9e[BaaaaBaa.class]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 8
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 8
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 8
184379 MEDIUM MS08-001 8
182048 HIGH MS07-069 8
182046 HIGH MS07-067 8
182043 HIGH MS07-064 8
179553 HIGH MS07-061 8
176382 HIGH MS07-057 8
176383 HIGH MS07-058 8
170911 HIGH MS07-050 8
170907 HIGH MS07-046 8
170906 HIGH MS07-045 8
170904 HIGH MS07-043 8
164915 HIGH MS07-035 8
164913 HIGH MS07-033 8
164911 HIGH MS07-031 8
160623 HIGH MS07-027 8
157262 HIGH MS07-022 8
157261 HIGH MS07-021 8
157260 HIGH MS07-020 8
157259 HIGH MS07-019 8
156477 HIGH MS07-017 8
150253 HIGH MS07-016 8
150249 HIGH MS07-013 8
150248 HIGH MS07-012 8
150247 HIGH MS07-011 8
150243 HIGH MS07-008 8
150242 HIGH MS07-007 8
150241 MEDIUM MS07-006 8
141034 HIGH MS06-076 8
141033 MEDIUM MS06-075 8
141030 HIGH MS06-072 8
137571 HIGH MS06-070 8
137568 HIGH MS06-067 8
131654 HIGH MS06-055 8
126083 HIGH MS06-042 8
120815 HIGH MS06-022 8
120814 HIGH MS06-021 8
114664 HIGH MS06-013 8
;===================================================================================================================================================================================

Toto stiahni, rozbaľ a spusti: http://www.gmer.net/gmer.zip

V programe choď na položku "Rootkit/Malware", hore.
Potom vpravo dole daj "scan" a po dokončení daj "save".

Keďže som si všimol že sem pastnuté logy nemajú dodržané tabulátory, zvyknú byť neprehľadné.
A tento výstupný log bude o dosť väčší, pošli mi ho preto sem: Sentinel.info@yahoo.com

Toto vymaž ručne:
C:\WINDOWS\system32\kdiju.exe
C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-a70697f-3a0d41e1.class
C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\6.0\40\2b2d8ee8-71f4c877
C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\6.0\8\36851408-2ac8bd1c
C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-37cb8dd2-3ba9f3ca.class
C:\Documents and Settings\@lfa\Application Data\Sun\Java\Deployment\cache\6.0\3\785b6d83-7a132c9e[BaaaaBaa.class]

Aktualizuj JAVU:
https://sdlc6d.sun.com/ECom/EComActionServlet;jsessionid=E69580D905A705009F0F26347D2EF489

A zapni si automatické aktualizácie windows XP, nečakaj na SP3!

ahoj
vies co sa mi stalo, a nic som ani neurobil... po tom gmer teste mi po restarte hodilo neaku chybu v services.exe, automaticky sa mi restartol comp a odvtedy ten hdd uz poslucha:))

To je fajn , len škoda, že nevieme čo je prapríčina .

mam jednu otazku pouzivam len mozzilu a internet exproler nepouzivam ked sa pozriem do cookie suborov internetu explorelu mam tam cokie aj ked nepouzivam internet explorer
mam tam cookie:
toplist

prosim o pomoc

mam jednu otazku pouzivam len mozzilu a internet exproler nepouzivam ked sa pozriem do cookie suborov internetu explorelu mam tam cokie aj ked nepouzivam internet explorer
mam tam cookie:
toplist

prosim o pomoc

Na to aby sa Ti objavilo cookie nemusíš IE vôbec otvoriť. Vyobrazovacie jadro IE používajú aj niektoré programy, ktoré pristupujú na internet. Otvor si IE a v nastaveniach -> ochrana osobných údajov -> blokovať všetky cookie. Všetky programy ktoré využívajú IE na prístup k internetu tak budú ovplyvnené. Ale rozmysli si to, či Ti to takto neovplyvní funkcionalitu programov ktoré cookie vyžadujú. Cookies ak nepoužívaš IE sú neškodné...

ok diki ja uz som to urobil a uz sa mi nerobia
lebo mne sa robili aj tracing cokie ale teraz uz nie