Prosim o pomoc alebo radu mam problem s dvomi dll subormi

Vlož ich cesty do poľa na stránke a uvidíme.


Ten súbor poznáš?

No ten subor setup.exe neviem co tam robi ja na F nic nemam je to dvd mechanika takze neviem

a nejak dlho mi odosiela na tej stranke ten zip.exe

Cau aviro, no Ty koki, budu tam a su uz pripravene,,bode ich volat v hiden run po spusteni .. ak sa nemylim

A ked predtym co davam odoslat subor mam zaskrtnut tie dva podtym alebo nie? a kazdy subor co som dal tak dlho odosiela a nic...

No nič ja uz musim ist off maj sa a skus na daco prijst zajtra to doriesime

1. Odznac si "skryt zname pripony suborov.." v menu Tento pocitac. moznosti zlozky.
2. Na ploche vytvor novy textovy subor. Premenuj ho na zistim.bat
zistim.bat musi mat ikonu "servisne koliesko". Ak nema vrat sa k bodu 1.

Pravym tlacitkom daj nan - upravit a vloz tam toto:


Uloz a spusti zistim.bat.
Zobrazeny obsah suboru mam.txt skopiruj sem do fora.,, nech vieme co s tym..

No posli este raz aj aktualny vypis z hijackThis..

Ok tak LOG zo mam.txt
Pozri (rb) c:
=================================
4:13.10.2007 10:45 54 mam.txt
5:13.10.2007 10:45 1˙395 zistim.bat
6:12.10.2007 23:40 157 CFScript_used_2007-10-12@23.43.txt
7:11.10.2007 22:49 1˙522˙185 ComboFix.exe
8:11.10.2007 22:47 7˙552 avatar_120_galactica_146.jpg
9:11.10.2007 21:37 525 Odkaz na WoW.lnk
10:11.10.2007 21:30 482 HAHA nejde.lnk
11:11.10.2007 19:31 130˙048 avenger.exe
12:11.10.2007 18:46 5˙632 Thumbs.db
13:11.10.2007 18:27 96˙978 VirtumundoBeGone.exe
14:11.10.2007 18:27 116˙224 VundoFix.exe
15:11.10.2007 16:16 1˙734 HijackThis.lnk
16:05.10.2007 17:09 715 Odkaz na Transformers.lnk
17:04.10.2007 14:15 38˙400 tutulutu.doc
18:29.09.2007 23:11 933 Spybot - Search & Destroy.lnk
19:17.09.2007 19:04 2˙559 Microsoft Word.lnk
20:16.09.2007 23:22 745 Odkaz na iexplore.lnk
21:14.09.2007 22:26 583 Odkaz na mirc.lnk
22:07.09.2007 17:57 593 Odkaz na WPE PRO.lnk
23:01.09.2007 23:21 622 Cheat Engine.lnk
24:20.08.2007 22:40 41˙472 omfgg.doc
25:20.08.2007 22:37 72˙704 omfg.doc
26:05.08.2007 14:24 582 ZipX.lnk
27:28.07.2007 22:05 607 Odkaz na speed.lnk
28:28.07.2007 15:58 579 Odkaz na nfsc.lnk
29:07.07.2007 17:28 759 YouTube Downloader.lnk
30:07.07.2007 14:28 159˙232 Zoznam Filmov.doc
31:25.06.2007 15:53 840 Navicat MySQL.lnk
32:24.06.2007 18:24 1˙607 Counter-Strike Source.lnk
33:24.06.2007 18:24 1˙607 Half-Life 2.lnk
34:24.06.2007 18:01 559 Steam.lnk
35:17.06.2007 20:57 91˙136 Moderně §ivotně çtěl.doc
36:15.06.2007 23:27 783 WC3Banlist.lnk
37:15.06.2007 14:04 775 BSplayer.lnk
38:15.06.2007 13:13 529 Odkaz na w3l.lnk
39:14.06.2007 23:31 848 Odkaz na Photoshop.lnk
40:14.06.2007 20:07 592 Opera.lnk
41:14.06.2007 18:31 548 Total Commander.lnk
42:14.06.2007 16:21 335 Odkaz na Moje dokumenty.lnk
43:14.06.2007 16:21 104 Odkaz na Tento poźˇtaź.lnk
44:12.06.2007 23:03 2˙052 Microsoft Excel.lnk
45:20.11.2006 15:46 909˙312 MPQEditor.exe
Skryte schovane priamo na c: (rb)
=================================
Zv„zok v jednotke C nem  §iadnu menovku.
S‚riov‚ źˇslo zv„zku je 647A-3D47

Věpis adres ra c:\

11.10.2007 15:23 <DIR> $VAULT$.AVG
12.06.2007 22:20 211 boot.ini
10.10.2007 23:03 <DIR> Config.Msi
12.06.2007 22:26 0 IO.SYS
12.06.2007 22:26 0 MSDOS.SYS
03.08.2004 23:38 47˙564 NTDETECT.COM
03.08.2004 23:59 250˙032 ntldr
01.01.2003 00:01 1˙610˙612˙736 pagefile.sys
14.06.2007 20:10 <DIR> RECYCLER
13.06.2007 00:01 <DIR> System Volume Information
6 sŁborov, 1˙610˙910˙543 bajtov
4 adres rov, 58˙811˙215˙872 vo–něch bajtov
Pozri C:\WINDOWS co nove
=================================
4:13.10.2007 10:39 1˙921˙494 WindowsUpdate.log
5:13.10.2007 00:46 32˙592 SchedLgU.Txt
6:13.10.2007 00:02 3˙160 wincmd.ini
7:13.10.2007 00:02 407 wcx_ftp.ini
8:12.10.2007 22:59 411 wiadebug.log
9:11.10.2007 22:42 52 wiaservc.log
10:11.10.2007 22:04 846˙769 setupapi.log
11:11.10.2007 19:08 91˙394 ntbtlog.txt
12:11.10.2007 14:07 116 NeroDigital.ini
13:10.10.2007 21:24 737˙280 iun6002.exe
14:10.10.2007 20:02 738˙751 iis6.log
15:10.10.2007 20:02 227˙958 comsetup.log
16:10.10.2007 20:02 136˙220 ntdtcsetup.log
17:10.10.2007 20:02 300˙750 tsoc.log
18:10.10.2007 20:02 33˙285 tabletoc.log
19:10.10.2007 20:02 1˙393 imsins.log
20:10.10.2007 20:02 35˙769 ocmsn.log
21:10.10.2007 20:02 3˙810 KB906569.log
22:10.10.2007 20:01 114˙339 netfxocm.log
23:10.10.2007 20:01 315˙080 ocgen.log
24:10.10.2007 20:01 45˙262 MedCtrOC.log
25:10.10.2007 20:01 32˙698 msgsocm.log
26:10.10.2007 20:01 648˙370 FaxSetup.log
27:10.10.2007 20:01 205˙630 msmqinst.log
28:10.10.2007 14:57 13˙873 KB933729.log
29:10.10.2007 14:57 1˙393 imsins.BAK
30:10.10.2007 14:57 65˙759 updspapi.log
31:10.10.2007 14:56 23˙306 KB939653-IE7.log
32:10.10.2007 14:55 10˙315 KB941202.log
33:09.10.2007 02:32 95 wininit.ini
34:06.10.2007 15:20 337 WPE PRO.INI
35:06.10.2007 15:20 30 HexEditor_FindList.hed
36:05.10.2007 11:06 60˙416 ALCFDRTM.VER
37:30.09.2007 17:35 32 go
38:30.09.2007 17:28 32 hip
39:28.09.2007 19:06 23˙398 KB937143-IE7.log
40:28.09.2007 19:04 11˙799 KB938127-IE7.log
Pozri C:\WINDOWS\system32
=================================
4:13.10.2007 10:39 468˙802 perfh009.dat
5:13.10.2007 10:39 91˙564 perfc009.dat
6:13.10.2007 10:39 3˙464 PerfStringBackup.INI
7:11.10.2007 19:08 999 ppqss.ini
8:10.10.2007 22:00 138˙893 nvapps.xml
9:10.10.2007 21:15 664 d3d9caps.dat
10:07.10.2007 13:42 2˙574 rlnuacdr.ini
11:05.10.2007 10:07 279˙552 swreg.exe
12:01.10.2007 10:37 97 mcrh.tmp
13:30.09.2007 19:17 4˙647 jupdate-1.6.0_02-b06.log
14:30.09.2007 11:24 694˙501 gfuamqro.ini
15:29.09.2007 18:31 694˙081 dfgamdax.ini
16:29.09.2007 12:47 4˙212 zllictbl.dat
17:28.09.2007 18:27 693˙772 vhbbutox.ini
18:28.09.2007 13:32 16˙832 amcompat.tlb
19:28.09.2007 13:32 23˙392 nscompat.tlb
20:28.09.2007 07:19 18˙089˙592 MRT.exe
21:27.09.2007 19:34 249˙988 TZLog.log
22:27.09.2007 13:49 693˙421 sxpnfppd.ini
23:26.09.2007 19:30 694˙921 ldvsmwse.ini
24:26.09.2007 10:52 694˙741 hgblbeqy.ini
25:23.09.2007 20:21 693˙712 mkrcfrpc.ini
26:21.09.2007 12:55 221˙632 FNTCACHE.DAT
27:17.09.2007 01:24 356˙352 nvugart.exe
28:17.09.2007 01:24 356˙352 nvuide.exe
29:17.09.2007 01:24 356˙352 NVUNINST.EXE
30:17.09.2007 01:24 356˙352 nvusmb.exe
31:17.09.2007 01:07 413˙696 nvcpl.cpl
32:17.09.2007 01:07 8˙491˙008 nvcpl.dll
33:17.09.2007 01:07 753˙664 nvcplui.exe
34:17.09.2007 01:07 17˙525 nvdisp.nvu
35:17.09.2007 01:07 45˙056 nvmccsrs.dll
36:17.09.2007 01:07 1˙339˙392 nvdspsch.exe
37:17.09.2007 01:07 307˙200 nvexpbar.dll
38:17.09.2007 01:07 3˙334˙144 nvgames.dll
39:17.09.2007 01:07 147˙456 nvcolor.exe
40:17.09.2007 01:07 425˙984 keystone.exe
co s tym setup.exe (rb)
===============

log z hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:06, on 13.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vokr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2417317-2635-4552-B035-BDF6F7975EC4}: NameServer = 193.58.193.11,195.12.128.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6896 bytes

1) Zmaž adresár Avenger z disku C


2) Použi Avenger a vlož do neho toto:



3) Potom mi pošli s heslom "infected" spakovaný archív backup.zip /adresár Avenger na disku C/

threat.samples@gmail.com


* ale chcem až tú novú zálohu

Odoslane amtu je log ak ces

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ijdenfrf

*******************

Script file located at: \??\C:\bkhyqnbt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\swreg.exe deleted successfully.
File C:\WINDOWS\system32\MRT.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ok dal som heslo poslane priso ti to? ale ked som odoslan mam email na centrume mi napisalo toto : Odoslali ste správu s prílohou 9 MB mimo Centrum.sk na adresu, ktorá nemusí vedieť veľkú prílohu prijať. Ak chcete odosielať prílohy až 15 MB, odporúčame príjemcovi e-mail na Centrum.sk


//: a ako pridam heslo?

Tak ja tu meditujem zbytočne.


Pri pakovaní z kontextovej ponuky Windows (pridať do archívu...) daj menu rozšírené - nastaviť heslo.

ok tu to skus stahnut http://www.edisk.sk/stahni/76792/backup.zip_9.23MB.html

Jo, diki. Ten jeden súbor je na 99% OK a ten druhý uvidím, čo spraví.


Ako sa správa počítač?

zatial sa sprava dobre hra zatial nesekla poviem ti ked sekne alebo nieco ani vo windowse to neseklo ked nieco tak sa ozvem zatial diki

Som rád, že sme to vyriešili. Mal si tam peknú zbierku šmejdstva.

zas mi to seklo dlho dlho nic a zas

Nový log podľa návodu Roberba a ComboFixu

Pozri (rb) c:
=================================
4:13.10.2007 21:14 54 mam.txt
5:13.10.2007 21:14 1˙377 zistim.bat
6:11.10.2007 22:49 1˙522˙185 ComboFix.exe
7:11.10.2007 22:47 7˙552 avatar_120_galactica_146.jpg
8:11.10.2007 21:37 525 Odkaz na WoW.lnk
9:11.10.2007 21:30 482 HAHA nejde.lnk
10:11.10.2007 19:31 130˙048 avenger.exe
11:11.10.2007 18:46 5˙632 Thumbs.db
12:11.10.2007 18:27 96˙978 VirtumundoBeGone.exe
13:11.10.2007 18:27 116˙224 VundoFix.exe
14:11.10.2007 16:16 1˙734 HijackThis.lnk
15:05.10.2007 17:09 715 Odkaz na Transformers.lnk
16:04.10.2007 14:15 38˙400 tutulutu.doc
17:29.09.2007 23:11 933 Spybot - Search & Destroy.lnk
18:28.09.2007 13:33 788 Windows Media Player.lnk
19:17.09.2007 19:04 2˙559 Microsoft Word.lnk
20:16.09.2007 23:22 745 Odkaz na iexplore.lnk
21:14.09.2007 22:26 583 Odkaz na mirc.lnk
22:07.09.2007 17:57 593 Odkaz na WPE PRO.lnk
23:01.09.2007 23:21 622 Cheat Engine.lnk
24:20.08.2007 22:40 41˙472 omfgg.doc
25:20.08.2007 22:37 72˙704 omfg.doc
26:05.08.2007 14:24 582 ZipX.lnk
27:28.07.2007 22:05 607 Odkaz na speed.lnk
28:28.07.2007 15:58 579 Odkaz na nfsc.lnk
29:07.07.2007 17:28 759 YouTube Downloader.lnk
30:07.07.2007 14:28 159˙232 Zoznam Filmov.doc
31:25.06.2007 15:53 840 Navicat MySQL.lnk
32:24.06.2007 18:24 1˙607 Counter-Strike Source.lnk
33:24.06.2007 18:24 1˙607 Half-Life 2.lnk
34:24.06.2007 18:01 559 Steam.lnk
35:17.06.2007 20:57 91˙136 Moderně §ivotně çtěl.doc
36:15.06.2007 23:27 783 WC3Banlist.lnk
37:15.06.2007 14:04 775 BSplayer.lnk
38:15.06.2007 13:13 529 Odkaz na w3l.lnk
39:14.06.2007 23:31 848 Odkaz na Photoshop.lnk
40:14.06.2007 20:07 592 Opera.lnk
41:14.06.2007 18:31 548 Total Commander.lnk
42:14.06.2007 16:21 335 Odkaz na Moje dokumenty.lnk
43:14.06.2007 16:21 104 Odkaz na Tento poźˇtaź.lnk
44:12.06.2007 23:03 2˙052 Microsoft Excel.lnk
45:20.11.2006 15:46 909˙312 MPQEditor.exe
Skryte schovane priamo na c: (rb)
=================================
Zv„zok v jednotke C nem  §iadnu menovku.
S‚riov‚ źˇslo zv„zku je 647A-3D47

Věpis adres ra c:\

11.10.2007 15:23 <DIR> $VAULT$.AVG
12.06.2007 22:20 211 boot.ini
10.10.2007 23:03 <DIR> Config.Msi
12.06.2007 22:26 0 IO.SYS
12.06.2007 22:26 0 MSDOS.SYS
03.08.2004 23:38 47˙564 NTDETECT.COM
03.08.2004 23:59 250˙032 ntldr
13.10.2007 21:04 1˙610˙612˙736 pagefile.sys
14.06.2007 20:10 <DIR> RECYCLER
13.06.2007 00:01 <DIR> System Volume Information
6 sŁborov, 1˙610˙910˙543 bajtov
4 adres rov, 58˙714˙243˙072 vo–něch bajtov
Pozri C:\WINDOWS co nove
=================================
4:13.10.2007 21:05 1˙946˙278 WindowsUpdate.log
5:13.10.2007 21:05 0 0.log
6:13.10.2007 21:04 2˙048 bootstat.dat
7:13.10.2007 21:03 32˙592 SchedLgU.Txt
8:13.10.2007 19:37 3˙282 wincmd.ini
9:13.10.2007 19:18 407 wcx_ftp.ini
10:12.10.2007 22:59 411 wiadebug.log
11:11.10.2007 22:42 52 wiaservc.log
12:11.10.2007 22:04 846˙769 setupapi.log
13:11.10.2007 19:08 91˙394 ntbtlog.txt
14:11.10.2007 14:07 116 NeroDigital.ini
15:10.10.2007 21:24 737˙280 iun6002.exe
16:10.10.2007 20:02 738˙751 iis6.log
17:10.10.2007 20:02 227˙958 comsetup.log
18:10.10.2007 20:02 136˙220 ntdtcsetup.log
19:10.10.2007 20:02 300˙750 tsoc.log
20:10.10.2007 20:02 33˙285 tabletoc.log
21:10.10.2007 20:02 35˙769 ocmsn.log
22:10.10.2007 20:02 1˙393 imsins.log
23:10.10.2007 20:02 3˙810 KB906569.log
24:10.10.2007 20:01 315˙080 ocgen.log
25:10.10.2007 20:01 45˙262 MedCtrOC.log
26:10.10.2007 20:01 114˙339 netfxocm.log
27:10.10.2007 20:01 32˙698 msgsocm.log
28:10.10.2007 20:01 648˙370 FaxSetup.log
29:10.10.2007 20:01 205˙630 msmqinst.log
30:10.10.2007 14:57 13˙873 KB933729.log
31:10.10.2007 14:57 1˙393 imsins.BAK
32:10.10.2007 14:57 65˙759 updspapi.log
33:10.10.2007 14:56 23˙306 KB939653-IE7.log
34:10.10.2007 14:55 10˙315 KB941202.log
35:09.10.2007 02:32 95 wininit.ini
36:06.10.2007 15:20 337 WPE PRO.INI
37:06.10.2007 15:20 30 HexEditor_FindList.hed
38:05.10.2007 11:06 60˙416 ALCFDRTM.VER
39:30.09.2007 17:35 32 go
40:30.09.2007 17:28 32 hip
Pozri C:\WINDOWS\system32
=================================
4:13.10.2007 11:22 2˙262 wpa.dbl
5:13.10.2007 10:39 468˙802 perfh009.dat
6:13.10.2007 10:39 91˙564 perfc009.dat
7:13.10.2007 10:39 3˙464 PerfStringBackup.INI
8:11.10.2007 19:08 999 ppqss.ini
9:10.10.2007 22:00 138˙893 nvapps.xml
10:10.10.2007 21:15 664 d3d9caps.dat
11:07.10.2007 13:42 2˙574 rlnuacdr.ini
12:01.10.2007 10:37 97 mcrh.tmp
13:30.09.2007 19:17 4˙647 jupdate-1.6.0_02-b06.log
14:30.09.2007 11:24 694˙501 gfuamqro.ini
15:29.09.2007 18:31 694˙081 dfgamdax.ini
16:29.09.2007 12:47 4˙212 zllictbl.dat
17:28.09.2007 18:27 693˙772 vhbbutox.ini
18:28.09.2007 13:32 16˙832 amcompat.tlb
19:28.09.2007 13:32 23˙392 nscompat.tlb
20:27.09.2007 19:34 249˙988 TZLog.log
21:27.09.2007 13:49 693˙421 sxpnfppd.ini
22:26.09.2007 19:30 694˙921 ldvsmwse.ini
23:26.09.2007 10:52 694˙741 hgblbeqy.ini
24:23.09.2007 20:21 693˙712 mkrcfrpc.ini
25:21.09.2007 12:55 221˙632 FNTCACHE.DAT
26:17.09.2007 01:24 356˙352 NVUNINST.EXE
27:17.09.2007 01:24 356˙352 nvuide.exe
28:17.09.2007 01:24 356˙352 nvugart.exe
29:17.09.2007 01:24 356˙352 nvusmb.exe
30:17.09.2007 01:07 413˙696 nvcpl.cpl
31:17.09.2007 01:07 8˙491˙008 nvcpl.dll
32:17.09.2007 01:07 753˙664 nvcplui.exe
33:17.09.2007 01:07 17˙525 nvdisp.nvu
34:17.09.2007 01:07 188˙416 nvmccss.dll
35:17.09.2007 01:07 1˙339˙392 nvdspsch.exe
36:17.09.2007 01:07 307˙200 nvexpbar.dll
37:17.09.2007 01:07 3˙334˙144 nvgames.dll
38:17.09.2007 01:07 1˙478˙656 nview.dll
39:17.09.2007 01:07 147˙456 nvcolor.exe
40:17.09.2007 01:07 45˙056 nvmccsrs.dll
co s tym setup.exe (rb)
===============

a ten combofix mam iba spustit alebo aj spravit ten script a vlozit donho?

Iba spustiť.

ComboFix 07-10-12.1 - x 2007-10-13 21:20:51.3 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.673 [GMT 2:00]
Running from: C:\Documents and Settings\x\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-11 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 21:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 20:13 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-11 18:28 <DIR> d-------- C:\VundoFix Backups
2007-10-11 16:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 23:07 <DIR> d-------- C:\bc90ffd65340b7a4983fd63b91
2007-10-10 22:31 <DIR> d-------- C:\0fc55752b7181cf1ffc3faccd4686901
2007-10-10 21:48 <DIR> d-------- C:\WINDOWS\nview
2007-10-10 21:48 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 21:25 <DIR> d-------- C:\Program Files\MultiRes
2007-10-10 21:25 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 21:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 19:52 <DIR> d-------- C:\8bf6130e3143052c4776a56a
2007-10-10 14:06 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-10-10 14:06 <DIR> d-------- C:\Program Files\Realtek
2007-10-10 14:06 96,384 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-10-04 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-30 19:17 <DIR> d-------- C:\Program Files\Sun
2007-09-29 23:52 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-29 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-29 22:43 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-27 19:34 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-27 19:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-22 18:15 <DIR> d-------- C:\Program Files\Philips
2007-09-22 18:15 <DIR> d-------- C:\Documents and Settings\x\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 16:35 --------- d-----w C:\Program Files\ICQToolbar
2007-10-13 09:22 --------- d-----w C:\Documents and Settings\x\Application Data\AVG7
2007-10-11 17:08 167 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-10 12:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-09-30 17:17 --------- d-----w C:\Program Files\Java
2007-09-29 20:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\nvugart.exe
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-16 23:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-16 23:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-16 23:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-16 23:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-16 23:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-16 23:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-16 23:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-16 23:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-16 23:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-16 23:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-16 23:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-08 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-06 12:02 --------- d-----w C:\Program Files\ICQ6
2007-09-03 18:27 --------- d-----w C:\Documents and Settings\x\Application Data\Hamachi
2007-09-02 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-09-02 17:33 --------- d--h--r C:\Documents and Settings\x\Application Data\SecuROM
2007-08-28 21:12 --------- d-----w C:\Program Files\Macromedia
2007-08-28 21:12 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-08-28 21:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-28 18:41 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-08-27 19:59 --------- d-----w C:\Documents and Settings\x\Application Data\fltk.org
2007-08-27 17:36 --------- d-----w C:\Documents and Settings\x\Application Data\Publish Providers
2007-08-27 17:35 --------- d-----w C:\Documents and Settings\x\Application Data\Sony
2007-08-27 17:32 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-08-27 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-08-27 17:31 --------- d-----w C:\Program Files\Vstplugins
2007-08-27 17:30 --------- d-----w C:\Program Files\Sony
2007-08-27 17:29 --------- d-----w C:\Program Files\Sony Setup
2007-08-26 20:41 --------- d-----w C:\Program Files\Sonic Foundry
2007-08-26 20:41 --------- d-----w C:\Program Files\Pure Motion
2007-08-26 20:41 --------- d-----w C:\Program Files\DebugMode
2007-08-25 22:15 73,124 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-25 22:15 5,047 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-25 22:15 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 12:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-18 22:09 --------- d-----w C:\Program Files\Common Files\Real
2007-08-18 22:06 --------- d-----w C:\Program Files\Real
2007-08-15 23:27 --------- d-----w C:\Program Files\PSPad editor
2007-08-15 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\{B14D9CDC-90D5-4BB2-B6CA-DCF6842AEFD0}
2007-08-08 14:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 16:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 16:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-27 13:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 13:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-15 12:33 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-07-15 12:33 249,856 ------w C:\WINDOWS\Setup1.exe
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-12_23.02.15.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-11 12:30:41 91,448 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-13 08:39:29 91,564 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-11 12:30:41 468,494 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-13 08:39:29 468,802 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 10:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-04 08:23]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\x\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7ccf07-1931-11dc-ae10-806d6172696f}]
AutoRun\command - F:\Setup.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 21:25:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? st??A~????????????????G?B?&???R???????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 21:26:55
C:\ComboFix2.txt ... 2007-10-12 23:48
C:\ComboFix3.txt ... 2007-10-12 23:03
.
--- E O F ---

Ked som spustil combofix a ked to robilo tak mi nahlasilo takui chybu a pokracovalo to dalej robilo to stale aj ked som to skennoval prvykrat http://img442.imageshack.us/my.php?image=dasdcj4.jpg

Myslím, že čisto.


Súbory, ktoré zmazal Avenger, môžeš obnoviť. Sú OK. Nezabudni ich zaregistrovať.

pls mozes hodit navod ako to spravit nesom velmi profesional

Otvoríš ten archív so súbormi a označíš ich (dva). Dáš Extract to / Rozbaliť do , nájdeš Windows - system32 a dás OK. Potom spusť ten reg súbor (kockatý) a potvrdíš.


Pre istotu použi toto =>

http://www.viry.cz/forum/viewtopic.php?t=4097

A KDE JE TEN ARCHIV?

To je ten, čo si posielal.

Ok a dalej uz nemam nic spravit?
ked mi zo sekne nebude probme v biose? nastavit teplotu abo daco take?

S ostatným poradia ostatní.