Prosim o pomoc mam vira

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 13:07

Prosim vas o radu ako sa zbavit vira.
mam naistalovany avast a ten mi vzdy hlasi:
''Príliš veľa rovnakých e-mailov v danom časovom rozpätí''
v pc nepouzivam niaky emailovy klien, akurat iba ten co mam na atlas.sk
problem je v tom ze nedokaze skoro vobec nic podniknut dlhodobo lebo sa vzdy hody restart. Mam v pc 512MB pred tim po nabehnuti win som mal viuzitych cca 200MB a teraz hned po nabehnuti systemu 550MB a niekedy aj viac. Po cca 5-10 minut vo win my hodi okno
Obrázek

a potom sa restartuje system alebo iba jednoducho vyhodi modu obrazovku a tam sa zacne niake odpocitavanie a potom restart a zase nabehne win.
prosim pomoc

//EDIT pridam LOG
Logfile of HijackThis v1.99.1
Scan saved at 13:19:48, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kód: Vybrat vše

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programs\Avast4\aswUpdSv.exe
E:\Programs\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\PowerDVD\PDVDServ.exe
E:\Programs\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\audconf.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
E:\Programs\Avast4\ashMaiSv.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
E:\Programs\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
E:\Programs\DAP\DAP.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] E:\Programs\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [avast!] E:\Programs\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [audiag] C:\WINDOWS\system32\audconf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}  :oops: 

O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - AppInit_DLLs:  iasamsre.dll e1.dll diagdss.dll statdss.dll confaud.dll audstat.dll
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll
O20 - Winlogon Notify: audmgr - C:\WINDOWS\SYSTEM32\audmgr32.dll
O20 - Winlogon Notify: dssconf - C:\WINDOWS\SYSTEM32\cfgdss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programs\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programs\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programs\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programs\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

phz^ · Příspěvek od **phz^** » ned 5. lis 2006, 13:58

koukam asi neorigo okna bez zaplat ze, okamzite si smaz avast to neni antivir.... stahni si nod..

X-Spidy-X · Příspěvek od **X-Spidy-X** » ned 5. lis 2006, 14:04

jj, nod je best. Ale neodhali mali sripty z netu... Na to je asi nej ad-aware! Tohle vypnuti se da prerusit v prikazaku prikazem "shutdown -a", ale tim nevyresis ze se to pri pristim resetu nezacne zase vypinat. Zkus ten ad-aware nebo reinstal.
Jinak E:\Programs\DAP\DAP.EXE - neznam, pokud si to primo ty nestahoval a neinstaloval, vypni to a smaz ...

phz^ · Příspěvek od **phz^** » ned 5. lis 2006, 14:08

X-Spidy-X píše:jj, nod je best. Ale neodhali mali sripty z netu... Na to je asi nej ad-aware! Tohle vypnuti se da prerusit v prikazaku prikazem "shutdown -a", ale tim nevyresis ze se to pri pristim resetu nezacne zase vypinat. Zkus ten ad-aware nebo reinstal.
Jinak E:\Programs\DAP\DAP.EXE - neznam, pokud si to primo ty nestahoval a neinstaloval, vypni to a smaz ...

ad-aware je uplne na hovno... SpyBot jedine... jinak DAP je download accelerator plus..

phz^ · Příspěvek od **phz^** » ned 5. lis 2006, 14:12

nejjednodusi zpusob hod ten log z hijacku sem

http://www.hijackthis.de/cz

a uvidis sam

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 16:49

hnet na zaciatku DIkes vsetkym

- no odistalovalsom avast!
- naistaloval som NOD32 (mimochodom mi vypisuje abysom ho aktualizoval
- ale neviem ked

)-nenasiel nic!
- spustilsom SYBOTSD -> aktualizacia -nenasiel nic!
zatial nic

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 17:13

phz^ píše:nejjednodusi zpusob hod ten log z hijacku sem http://www.hijackthis.de/cz a uvidis sam

odskusane, nenasiel nic, iba 4 nezname aplikacie -> odstranene
stale nic !
Ten NOD32 je trialware da sa aj to upgrade, ak ano pls ako???
A mal by ist v pozadi ako avast, alebo ho teerba sem-tam pustit manualne???

phz^ · Příspěvek od **phz^** » ned 5. lis 2006, 17:41

sTano11 píše:
phz^ píše:nejjednodusi zpusob hod ten log z hijacku sem http://www.hijackthis.de/cz a uvidis sam
odskusane, nenasiel nic, iba 4 nezname aplikacie -> odstranene
stale nic !
Ten NOD32 je trialware da sa aj to upgrade, ak ano pls ako???
A mal by ist v pozadi ako avast, alebo ho teerba sem-tam pustit manualne???

nod je sice trial na 30dní ale aktualizace fungujou vzdy... (stahuj.cz)

na pozadi zadnej jinej antivir....

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 18:37

Este jedna otazocka teraz mam ten kerio (bezi v pozadi), potom este mam ten NOD32 a SpybotSD.Skusal som aj Ad-aware a neda sa spustit este ho skusim reinstalovat a uvidim. Toto mi staci na ochrabu??? Co mi este odporucate?
Mimochodom DIkes za rady.

Baron Prášil

no,sTano11,nejdřív použij Avenger http://www.viry.cz/forum/viewtopic.php?t=21484
a aktuální skript
http://www.viry.cz/avenger/stration.txt

udělej to alespoň 2x a potom sem postni novej log z HiJackThis
(máš tam požehnaně potvor rodu Warezov/Stration)

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 20:25

Baron Prášil píše:no...

no a teraz ten LOG:

Kód: Vybrat vše

Logfile of HijackThis v1.99.1
Scan saved at 20:21:31, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
E:\Programs\Winamp\Winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}  :oops: http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Baron Prášil

pěkně to vyčistil!

teď fixni v HijackThis

O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll

potom je pomocí killboxu zlikviduj
stahni si killbox
http://www.bleepingcomputer.com/files/s ... illBox.zip
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\system32\dssconf.exe
C:\WINDOWS\system32\atkcadpt.dll
zaškrtni Delete on Reboot a Unregister .dll Before Deleting
a klikni na křížek.stroj pude do restartu

po restartu pošli ještě jeden log pro kontrolu

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 21:26

Baron Prášil píše:po restartu pošli ještě jeden log pro kontrolu

takze

Kód: Vybrat vše

Logfile of HijackThis v1.99.1
Scan saved at 21:24:39, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - AppInit_DLLs:  iasamsre.dll diagdss.dll statdss.dll
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Baron Prášil

většina je pryč,ale něco se tam ještě ukázalo,tak použij znova Avenger a tenhle upravenej skript

Kód: Vybrat vše

Files to delete:
%windir%\cc2.exe                     
%windir%\cc3.exe                    
%windir%\hv4e05.dll
%windir%\chater.exe               
%windir%\msout.exe 
nd%windir%\serrv.c
%windir%\serrv.exe
%windir%\serrv.wax 
%windir%\serv.exe
%windir%\serv.wax
%windir%\sserrvv.exe 
%windir%\system32\actidmoc.exe
%windir%\system32\alerter.exe
%windir%\system32\atrconf.exe                     
%windir%\system32\attmgr32.dll                     
%windir%\system32\attstat.dll                  
%windir%\system32\audconf.exe           
%windir%\system32\audmgr32.dll           
%windir%\system32\audstat.dll
%windir%\system32\brwconf.exe
%windir%\system32\brwmgr32.dll
%windir%\system32\brwstat.dll           
%windir%\system32\cfgd3d.dll           
%windir%\system32\cfgmmprm.dll                     
%windir%\system32\confatt.dll           
%windir%\system32\confaud.dll           
%windir%\system32\confbrw.dll                    
%windir%\system32\confcon.dll                     
%windir%\system32\confega.dll
%windir%\system32\conmgr32.dll                     
%windir%\system32\conperf.exe                     
%windir%\system32\conprf32.dll                     
%windir%\system32\constat.dll               
%windir%\system32\cp8xpqj.dll           
%windir%\system32\cssewmpd
%windir%\system32\decconf.exe                  
%windir%\system32\dfssrasc.dll                    
%windir%\system32\dfssrasc.exe              
%windir%\system32\diagd3d.dll                 
%windir%\system32\dmimmdt2.exe                     
%windir%\system32\dpugmswe.dll
%windir%\system32\dssconf.exe                     
%windir%\system32\dxtmsft3.dll
%windir%\system32\e1.dll                     
%windir%\system32\egaavi.exe
%windir%\system32\egamgr32.dll                     
%windir%\system32\egastat.dll                     
%windir%\system32\egperf32.dll                     
%windir%\system32\evenncob.dll                     
%windir%\system32\fsxsh4.dll                     
%windir%\system32\gtmqf608r7.dll
%windir%\system32\hypewmv9.exe                     
%windir%\system32\ipsecmon.exe
%windir%\system32\ipsmwebh.exe                    
%windir%\system32\ipxpextm.exe                     
%windir%\system32\ipxwshel.exe
%windir%\system32\iuennwcf.dll 
%windir%\system32\ixsswmas.exe                     
%windir%\system32\j2t3crh.dll
%windir%\system32\jgdwadsn.dll               
%windir%\system32\jgdwadsn.exe           
%windir%\system32\kbdfwshe.exe 
%windir%\system32\lprmneth.dll                     
%windir%\system32\lprmneth.exe
%windir%\system32\ml7swr.exe                    
%windir%\system32\mp4sglmf.dll                     
%windir%\system32\mqadscp3.exe 
%windir%\system32\msihftpw.dll                     
%windir%\system32\msisnwcf.dll
%windir%\system32\msrdtscf.exe
%windir%\system32\mstsodbc.exe
%windir%\system32\narrwshr.dll
%windir%\system32\netfrtm.dll
%windir%\system32\offfmsre.dll
%windir%\system32\psapdani.dll
%windir%\system32\psbaavic.dll              
%windir%\system32\psbamtxe.dll
%windir%\system32\regaufat.dll 
%windir%\system32\samsusrr.dll                     
%windir%\system32\samsusrr.exe                     
%windir%\system32\scsm.exe                     
%windir%\system32\shsvmdim.dll
%windir%\system32\snmpmmcn.dll
%windir%\system32\statd3d.dll                  
%windir%\system32\sysshtic.dll                     
%windir%\system32\sysshtic.exe               
%windir%\system32\trkwpipa.exe
%windir%\system32\tscfvjoy.dll
%windir%\system32\ujn6oqt.dll                     
%windir%\system32\ulibofff.exe
%windir%\system32\uregdeve.dll
%windir%\system32\uregdeve.exe                     
%windir%\system32\vbscqdv.exe
%windir%\system32\vdshlicw.exe                     
%windir%\system32\vmhevnet.dll                     
%windir%\system32\vmhevnet.exe               
%windir%\system32\w3sskbda.dll              
%windir%\system32\winbpowr.exe                  
%windir%\system32\wmnecomc.dll 
%windir%\system32\wmpcskdl.dll
%windir%\system32\wshtlprh.dll
%windir%\system32\wupstlnt.dll 
%windir%\system32\xactcomr.exe  
%windir%\system32\yapconf.exe 
%windir%\t2serv.dll 
%windir%\t2serv.s 
%windir%\t2serv.wax
%windir%\msupdtwiz.exe
%windir%\cc5.exe
%windir%\diagdss.dll
%windir%\iasamsre.dll
%windir%\statdss.dll


Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psbamtxe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iasamsre
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\diagdss
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\statdss

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | audiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | brwdiag 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ciodiag 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | davctool
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | egdiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ipxwshel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mqadscp3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | serv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | sserrvv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | t2serv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ulibofff
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msupdtwiz
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | chater.exe

potom novej log z HJT

edit// omlouvám se za úpravu skriptu

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 22:10

Kód: Vybrat vše

Logfile of HijackThis v1.99.1
Scan saved at 22:09:08, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Baron Prášil

jo jo,mělo by to bejt ok.
jak se chová kompjůtr?

Stano K. · Příspěvek od **Stano K.** » ned 5. lis 2006, 22:22

Baron Prášil píše:jo jo,mělo by to bejt ok.
jak se chová kompjůtr?

ok podla mna fakt super asi

restarty uz niesu, pamet opet mam spet cca 200MB vyuzitych,
a aj narocnejie programy uz nepadaju
DIkes moc pekne

PS: ako si stim vedel rady to by ma fakt zaujimalo, nahodou nedoucujes

Shit · Příspěvek od **Shit** » ned 5. lis 2006, 22:35

phz^ píše:...okamzite si smaz avast to neni antivir.... stahni si nod..

Existují i antiviráky, které mají podstatně lepší detekční schopnosti než Avast a jsou přitom legálně free (NOD32 v plné verzi patří mezi placený software).... A updaty trialek NODu32 jsou "trochu" opožděné při aktualizacích narozdíl od placených plných verzích NODu 32....

A na druhou stranu: Neodsuzujte Avast, není to špatný produkt.... (má některé funkce, které nemá ani NOD32 nebo Kaspersky) -> ale jsou i lepší freewarové antiviry ....

Baron Prášil

neni za co

PS: ako si stim vedel rady to by ma fakt zaujimalo, nahodou nedoucujes

sám se učim

jinak doporučuju http://viry.cz/forum/ a Gůgl
to sou tuny studijního materiálu

Stano K. · Příspěvek od **Stano K.** » pon 6. lis 2006, 19:23

Baron Prášil píše:jinak doporučuju http://viry.cz/forum/

DIk, asi idem sa tam registrovat

Prosim o pomoc mam vira

Prosim o pomoc mam vira

DIkes moooc pekne!!!

Re: DIkes moooc pekne!!!

Re: DIkes moooc pekne!!!