95% of PC performance completely lost >> virus?

Everything about antivirus programs, firewalls, viruses, spyware and other current threats, opinions and experiences, and how to avoid them...
WARNING: no WAREZ
Durana
New user
Posts: 186
Registered: Sun 17 Feb 2008, 14:00

95% of PC performance completely lost >> virus?

Post by Durana »

I recently reinstalled Windows XP. Naturally I immediately started downloading all the "essential" programs with the firewall off and without an antivirus.

At startup the PC always seemed to freeze for about 10-15 seconds and then continued normally. So I downloaded NOD32 (not from the official site) and Ad-Aware (from the official site). After about 2 restarts the PC started running incredibly slowly. I booted my second Windows installation and ran a system scan with NOD from there, and it located probable viruses in the registry that were supposed to belong to Ad-Aware. So I booted WinXP again, uninstalled both Ad-Aware and NOD, and after searching for and finding this thread:
http://www.pretaktovanie.sk/modules.php ... ic&t=32988

I downloaded ComboFix. After rebooting the system it now runs fairly fine (but those few seconds when it freezes are still there, and on top of that it throws an error that it could not find "lbbobjal.dll", which according to RegCleaner is in: D:\windows\system32\lbbobjal.dll

Also according to RegCleaner, after every restart I have some new entries under Software that I certainly did not install.
In this case they are:
author software
[unknown] swearware
[unknown] wget
Kazaa LocalContent
Knight Settings

I have mentioned everything here that seemed at least a little important to me. Hopefully it helps somehow and isn't too long a read. I'll be grateful for any advice.


The antivirus programs have already cleaned what they could and the problem doesn't go away. I'm also attaching the log from ComboFix:

Code: Select all

ComboFix 08-04-04.1 - Rodina 2008-04-05 11:13:20.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1033.18.37 [GMT 2:00]
Running from: D:\Documents and Settings\Rodina\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\awtrOgfF.dll
D:\WINDOWS\system32\gtpijmuo.dll
D:\WINDOWS\system32\hgGwXqPg.dll
D:\WINDOWS\system32\legjurru.dll
D:\WINDOWS\system32\llmnonpo.ini
D:\WINDOWS\system32\llmnonpo.ini2
D:\WINDOWS\system32\okcvtgoj.dll
D:\WINDOWS\system32\opnonmll.dll
D:\WINDOWS\system32\urqRIaXQ.dll
D:\WINDOWS\system32\winfrun32.bin

.
(((((((((((((((((((((((((   Files Created from 2008-03-05 to 2008-04-05  )))))))))))))))))))))))))))))))
.

2008-04-05 00:06 . 2008-04-05 00:06	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 12:36 . 2008-04-04 12:36	<DIR>	d--------	D:\Program Files\Common Files\Adobe
2008-04-04 08:08 . 2008-04-05 11:10	3,333,630	--a------	D:\WINDOWS\system32\scolmpdain.xml
2008-04-03 22:08 . 2008-04-03 22:08	126,976	--a------	D:\WINDOWS\War3Unin.exe
2008-04-03 22:08 . 2008-04-03 22:09	16,511	--a------	D:\WINDOWS\War3Unin.dat
2008-04-03 22:08 . 2008-04-03 22:08	2,829	--a------	D:\WINDOWS\War3Unin.pif
2008-04-03 21:58 . 2008-04-03 21:58	<DIR>	d--------	D:\Program Files\Warcraft III
2008-04-03 19:59 . 2008-04-03 19:59	<DIR>	d--------	D:\WINDOWS\system32\NtmsData
2008-04-03 19:47 . 2008-04-03 19:47	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Rabio
2008-04-03 19:43 . 2008-04-03 19:43	<DIR>	d--h-----	D:\WINDOWS\system32\GroupPolicy
2008-04-03 16:11 . 2008-04-04 23:32	1,632	--a------	D:\WINDOWS\system32\d3d8caps.dat
2008-04-03 13:21 . 2008-04-05 11:24	12,770	--a------	D:\WINDOWS\system32\oodbs.lor
2008-04-03 13:07 . 2008-04-03 13:07	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ESET
2008-04-03 10:47 . 2008-04-03 10:47	0	--a------	D:\WINDOWS\OODCNT.INI
2008-04-03 10:43 . 2008-04-03 10:43	<DIR>	d--------	D:\WINDOWS\system32\oodag
2008-04-03 10:40 . 2008-04-04 12:23	1,690	--a------	D:\WINDOWS\mozver.dat
2008-04-03 10:38 . 2008-04-03 10:38	<DIR>	d--------	D:\Program Files\OO Software
2008-04-03 09:59 . 2008-04-03 09:59	<DIR>	d--------	D:\Program Files\Winamp
2008-04-03 09:59 . 2008-04-03 09:59	<DIR>	d--------	D:\Documents and Settings\Rodina\Application Data\Winamp
2008-04-03 09:38 . 2008-04-03 09:38	<DIR>	d--------	D:\Program Files\QIP
2008-04-03 08:47 . 2008-04-03 08:47	<DIR>	d--------	D:\Program Files\Lavalys
2008-04-03 08:35 . 2008-04-03 08:59	1,744	--a------	D:\WINDOWS\system32\d3d9caps.dat
2008-04-03 08:31 . 2008-04-03 08:31	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-03 08:31 . 2006-09-28 16:05	2,414,360	--a------	D:\WINDOWS\system32\d3dx9_31.dll
2008-04-03 08:23 . 2008-04-03 08:23	<DIR>	d--------	D:\Documents and Settings\Rodina\Application Data\Talkback
2008-04-03 08:23 . 2008-04-03 08:23	0	--a------	D:\WINDOWS\nsreg.dat
2008-04-03 08:05 . 2008-04-03 08:05	<DIR>	d---s----	D:\WINDOWS\system32\Microsoft
2008-04-03 08:05 . 2008-04-03 08:05	8,192	--a------	D:\WINDOWS\REGLOCS.OLD
2008-04-03 00:53 . 2004-08-04 11:00	66,594	--a------	D:\WINDOWS\system32\dllcache\c_852.nls
2008-04-03 00:27 . 2004-08-04 11:00	2,897,920	--a------	D:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-04-03 00:27 . 2004-08-04 11:00	264,192	--a------	D:\WINDOWS\system32\dllcache\wow32.dll
2008-04-03 00:27 . 2004-08-04 11:00	174,200	--a------	D:\WINDOWS\system32\dllcache\xenroll.dll
2008-04-03 00:27 . 2004-08-04 11:00	82,944	--a------	D:\WINDOWS\system32\dllcache\ws2_32.dll
2008-04-03 00:27 . 2004-08-04 11:00	22,528	--a------	D:\WINDOWS\system32\dllcache\wsock32.dll
2008-04-03 00:27 . 2004-08-04 11:00	19,968	--a------	D:\WINDOWS\system32\dllcache\ws2help.dll
2008-04-03 00:27 . 2004-08-04 11:00	8,261	--a------	D:\WINDOWS\system32\dllcache\zoneoc.dll
2008-04-03 00:25 . 2004-08-04 11:00	984,576	--a------	D:\WINDOWS\system32\dllcache\syssetup.dll
2008-04-03 00:24 . 2004-08-04 11:00	8,384,000	--a------	D:\WINDOWS\system32\dllcache\shell32.dll
2008-04-03 00:23 . 2004-08-04 11:00	983,552	--a------	D:\WINDOWS\system32\dllcache\setupapi.dll
2008-04-03 00:22 . 2004-08-04 11:00	1,281,536	--a------	D:\WINDOWS\system32\dllcache\ole32.dll
2008-04-03 00:21 . 2004-08-04 11:00	1,708,032	--a------	D:\WINDOWS\system32\dllcache\netshell.dll
2008-04-03 00:20 . 2004-08-04 11:00	1,024,000	--a------	D:\WINDOWS\system32\dllcache\mfc42u.dll
2008-04-03 00:19 . 2004-08-04 11:00	983,552	--a------	D:\WINDOWS\system32\dllcache\kernel32.dll
2008-04-03 00:18 . 2004-08-04 11:00	1,082,368	--a------	D:\WINDOWS\system32\dllcache\esent.dll
2008-04-03 00:18 . 2004-08-04 11:00	278,016	--a------	D:\WINDOWS\system32\dllcache\gdi32.dll
2008-04-03 00:18 . 2004-08-04 11:00	132,608	--a------	D:\WINDOWS\system32\dllcache\fxsocm.dll
2008-04-03 00:18 . 2004-08-04 11:00	55,808	--a------	D:\WINDOWS\system32\dllcache\eventlog.dll
2008-04-03 00:18 . 2004-08-04 11:00	32,828	--a------	D:\WINDOWS\system32\dllcache\fp40ext.dll
2008-04-03 00:18 . 2004-08-04 11:00	24,772	--a------	D:\WINDOWS\system32\dllcache\geo.nls
2008-04-03 00:18 . 2004-08-04 11:00	9,344	--a------	D:\WINDOWS\system32\dllcache\framebuf.dll
2008-04-03 00:16 . 2004-08-04 11:00	1,852,416	--a------	D:\WINDOWS\system32\dllcache\acgenral.dll
2008-04-03 00:16 . 2004-08-04 11:00	616,960	--a------	D:\WINDOWS\system32\dllcache\advapi32.dll
2008-04-03 00:16 . 2004-08-04 11:00	194,048	--a------	D:\WINDOWS\system32\dllcache\activeds.dll
2008-04-03 00:16 . 2004-08-04 11:00	143,360	--a------	D:\WINDOWS\system32\dllcache\adsldpc.dll
2008-04-03 00:16 . 2004-08-04 11:00	126,976	--a------	D:\WINDOWS\system32\dllcache\apphelp.dll
2008-04-03 00:16 . 2004-08-04 11:00	99,840	--a------	D:\WINDOWS\system32\dllcache\advpack.dll
2008-04-03 00:16 . 2004-08-04 11:00	58,880	--a------	D:\WINDOWS\system32\dllcache\atl.dll
2008-04-03 00:16 . 2004-08-04 11:00	56,832	--a------	D:\WINDOWS\system32\dllcache\authz.dll
2008-04-03 00:16 . 2004-08-04 11:00	52,736	--a------	D:\WINDOWS\system32\dllcache\basesrv.dll
2008-04-03 00:16 . 2004-08-04 11:00	42,496	--a------	D:\WINDOWS\system32\dllcache\audiosrv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 21:35	---------	d-----w	D:\Program Files\microsoft frontpage
2008-04-02 17:32	393,728	----a-w	D:\WINDOWS\system32\dllcache\obrb0401.dll
2008-04-02 17:28	152,576	----a-w	D:\WINDOWS\system32\dllcache\bnts.dll
2008-04-02 17:28	152,576	----a-w	D:\WINDOWS\Help\bnts.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"QIP2005"="D:\Program Files\QIP\qip.exe" [2008-03-25 23:32 3254784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM1fdc3419"="D:\WINDOWS\system32\lbobbjal.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrOgfF]
awtrOgfF.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 PSched;QoS Packet Scheduler;D:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 09:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 11:25:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-05 11:26:49 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-05 09:26:38
Pre-Run: 6,628,360,192 bytes free
Post-Run: 6,731,087,872 bytes free

br4n0
User
Posts: 599
Registered: Tue 20 Mar 2007, 08:00
Location: Bratislava V

Post by br4n0 »

Paste this into Avenger:

Code: Select all

files to delete:
D:\WINDOWS\system32\d3d8caps.dat
D:\WINDOWS\system32\d3d9caps.dat
D:\WINDOWS\REGLOCS.OLD

folders to delete:
D:\Documents and Settings\All Users\Application Data\Rabio

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrOgfF

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BM1fdc3419
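
An added example (my own code, not part of the thread and not a ComboFix or Avenger feature): a small Python parser for the "Reg Loading Points" section of the ComboFix log posted above. It picks out the two autostart entries the reply targets, the Run value whose target ComboFix could not stat (the empty "[ ]" metadata, matching the "file not found" error the poster sees at boot) and the Winlogon Notify handler DLL. The sample lines are copied from the log in the thread.

```python
import re

# Sample: the "Reg Loading Points" lines copied from the ComboFix log in the thread above.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"QIP2005"="D:\Program Files\QIP\qip.exe" [2008-03-25 23:32 3254784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM1fdc3419"="D:\WINDOWS\system32\lbobbjal.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrOgfF]
awtrOgfF.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="target" [date time size]; ComboFix prints "[ ]" when it cannot stat the target file
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_loading_points(text):
    """Return (registry_key, value_name, target, meta) tuples; meta is None for bare DLL lines."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("path"), m.group("meta").strip()))
        elif key and line.lower().endswith(".dll"):
            # Winlogon Notify subkeys list only the handler DLL name on its own line
            entries.append((key, None, line, None))
    return entries


def flag_suspicious(entries):
    """Return (label, target, reasons) for the entries a responder should look at first."""
    findings = []
    for key, name, target, meta in entries:
        reasons = []
        if "\\winlogon\\notify\\" in key.lower():
            reasons.append("Winlogon Notify handler: the DLL is loaded into winlogon.exe at logon")
        if meta == "":
            reasons.append("empty [ ] metadata: ComboFix could not find the target file")
        if reasons:
            findings.append((name or key.rsplit("\\", 1)[-1], target, reasons))
    return findings
```

Running `flag_suspicious(parse_loading_points(SAMPLE_LOG))` reports exactly the BM1fdc3419 Run value and the awtrOgfF Notify key, the two registry items in the Avenger script above.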

Return to "PC security and protection"