PCTuning fórum

Diskuze o hardware, software a overclockingu
https://forum.pctuning.cz/

odstraneni Win32/Rootkit.Agent.DP

https://forum.pctuning.cz/viewtopic.php?t=113736

Stránka 1 z 1

odstraneni Win32/Rootkit.Agent.DP

Napsal: pát 11. led 2008, 14:10
od vokounek
Dobry den,
potreboval bych poradit jak se zbavit tohoto svaba Win32/Rootkit.Agent.DP
Nakazu hlasi NOD32 v c:\Windows\System32\Drivers\ip6fw.sys

A je prosim nekde popis, co dany vir dela a zpusobuje?

log ComboFix

Napsal: pát 11. led 2008, 14:11
od vokounek
Zde je log z ComboFix. Jak pokracovat dale a jak zabranit, aby se dany svab opet nedostal do pc?
Dekuji za pomoc a radu

ComboFix 08-01-10.2 - Dáša 2008-01-10 17:08:04.1 - NTFSx86
Running from: c:\Setup\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINXP\system32\9_exception.nls
C:\WINXP\system32\drivers\smtpdrv.sys
C:\WINXP\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv


((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 17:05 . 2000-08-31 08:00 51,200 --a------ C:\WINXP\NirCmd.exe
2008-01-09 17:52 . 2008-01-10 17:18 24,832 --a------ C:\WINXP\system32\drivers\Nrt25.sys
2008-01-06 17:34 . 2008-01-06 17:34 <DIR> d-------- C:\Program Files\O2
2008-01-06 16:21 . 2008-01-06 16:21 <DIR> d-------- C:\Program Files\EMCO UnLock IT
2008-01-01 16:13 . 2006-08-21 10:14 128,896 -----c--- C:\WINXP\system32\dllcache\fltmgr.sys
2008-01-01 16:13 . 2006-08-21 10:14 23,040 -----c--- C:\WINXP\system32\dllcache\fltmc.exe
2008-01-01 16:13 . 2006-08-21 13:27 16,896 -----c--- C:\WINXP\system32\dllcache\fltlib.dll
2008-01-01 16:04 . 2008-01-01 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-01 13:10 . 2007-07-09 14:11 584,192 -----c--- C:\WINXP\system32\dllcache\rpcrt4.dll
2007-12-31 19:45 . 2008-01-09 13:44 <DIR> d--h----- C:\WINXP\$hf_mig$
2007-12-21 19:43 . 2007-12-21 19:43 44 --a------ C:\WINXP\SMWizard.INI
2007-12-21 19:38 . 2001-09-11 18:20 1,285,632 --a------ C:\WINXP\system32\SMMedia.dll
2007-12-21 19:38 . 2003-05-12 16:55 978,944 --a------ C:\WINXP\SynthCoreA.Dll
2007-12-21 19:38 . 2002-08-30 13:59 380,928 --a------ C:\WINXP\SynCor.exe
2007-12-21 19:38 . 2002-11-06 22:23 49,152 --a------ C:\WINXP\system32\S11thk32.dll
2007-12-21 19:38 . 2002-07-24 15:06 45,056 --a------ C:\WINXP\system32\SynthCore11Resources.dll
2007-12-21 19:38 . 2002-11-06 20:00 40,820 --a------ C:\WINXP\system32\Syncor11.dll
2007-12-21 19:38 . 2001-09-11 16:20 30,208 --a------ C:\WINXP\system32\wdmioctl.dll
2007-12-21 19:37 . 2003-01-08 12:23 49,152 --a------ C:\WINXP\system32\DSndUp.exe
2007-12-21 19:37 . 2002-04-17 16:05 45,056 --a------ C:\WINXP\system32\CleanUp.exe
2007-12-19 18:23 . 2002-07-30 16:42 306,688 --a------ C:\WINXP\IsUninst.exe
2007-12-19 18:23 . 2001-12-18 14:45 3,279 --a------ C:\WINXP\system32\drivers\VIAPFD.SYS
2007-12-19 18:12 . 2002-07-23 19:17 659,356 -ra------ C:\WINXP\system32\drivers\ALCXWDM.SYS
2007-12-19 17:29 . 2008-01-08 23:27 21,760 --a------ C:\WINXP\Dgj03.sys
2007-12-13 21:13 . 2007-12-19 17:19 21,760 --a------ C:\WINXP\system32\drivers\Dgj03.sys
2007-12-12 13:40 . 2007-12-12 13:40 <DIR> d-------- C:\Program Files\Skype
2007-12-12 13:40 . 2007-12-12 13:40 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-12 13:26 . 2007-12-12 13:26 45,056 --a------ C:\WINXP\NCUNINST.EXE
2007-12-12 13:22 . 2007-12-12 13:22 232,543 --a------ C:\WINXP\hplj1300.hi1
2007-12-12 13:22 . 2007-12-12 13:22 14,914 --a------ C:\WINXP\hplj1300.bu1
2007-12-12 13:16 . 2007-12-12 13:24 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-12 13:14 . 2007-12-12 13:24 188,556 --a------ C:\WINXP\hplj1300.his
2007-12-12 13:14 . 2007-12-12 13:24 14,942 --a------ C:\WINXP\hplj1300.ini
2007-12-12 13:11 . 2004-08-03 22:58 207,360 --a------ C:\WINXP\system32\drivers\Dot4.sys
2007-12-12 13:11 . 2004-08-03 22:58 207,360 --a--c--- C:\WINXP\system32\dllcache\dot4.sys
2007-12-12 13:11 . 2001-10-24 11:43 23,808 --a------ C:\WINXP\system32\drivers\Dot4usb.sys
2007-12-12 13:11 . 2001-10-24 11:43 23,808 --a--c--- C:\WINXP\system32\dllcache\dot4usb.sys
2007-12-12 13:11 . 2001-08-17 21:47 12,928 --a------ C:\WINXP\system32\drivers\Dot4Prt.sys
2007-12-12 13:11 . 2001-08-17 21:47 12,928 --a--c--- C:\WINXP\system32\dllcache\dot4prt.sys
2007-12-12 11:56 . 2007-12-12 11:56 0 --a------ C:\WINXP\nsreg.dat
2007-12-12 11:47 . 2007-12-12 11:47 <DIR> d-------- C:\Program Files\Nero 7
2007-12-12 11:36 . 2007-12-12 11:36 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-12-12 11:35 . 2007-12-12 11:36 <DIR> d-------- C:\Program Files\Corel Graphics 12
2007-12-12 11:33 . 2007-12-12 11:33 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-12-12 11:33 . 2007-12-12 11:33 737,280 --a------ C:\WINXP\iun6002.exe
2007-12-12 11:27 . 2004-08-03 23:15 145,792 --a------ C:\WINXP\system32\drivers\portcls.sys
2007-12-12 11:21 . 2007-12-12 11:21 <DIR> d-------- C:\Program Files\VIA
2007-12-12 11:20 . 2007-06-27 14:42 207,488 -ra------ C:\WINXP\system32\drivers\vinyl97.sys
2007-12-12 10:55 . 2003-06-19 01:31 17,920 --a------ C:\WINXP\system32\mdimon.dll
2007-12-12 10:52 . 2007-12-12 10:53 <DIR> d-------- C:\WINXP\SHELLNEW
2007-12-12 10:49 . 2007-12-12 10:49 <DIR> dr-h----- C:\MSOCache
2007-12-12 10:45 . 2007-12-13 19:16 2,371 --a------ C:\WINXP\WDICT32.INI
2007-12-12 10:45 . 2007-12-12 13:42 0 --a------ C:\WINXP\XXLGSC
2007-12-12 10:44 . 2007-12-12 13:42 4,504 --a------ C:\WINXP\WTRAN32.INI
2007-12-12 10:42 . 2007-12-12 10:43 <DIR> d-------- C:\Program Files\WinTran
2007-12-12 10:30 . 2007-12-12 10:30 <DIR> d-------- C:\Program Files\Acrobat 7.0
2007-12-12 10:30 . 2008-01-06 17:29 384 --a------ C:\WINXP\ODBC.INI
2007-12-12 10:18 . 2008-01-06 17:14 <DIR> d-------- C:\Program Files\NOD32
2007-12-12 10:18 . 2007-12-12 10:16 512,096 --a------ C:\WINXP\system32\drivers\amon.sys
2007-12-12 10:18 . 2007-12-12 10:16 298,104 --a------ C:\WINXP\system32\imon.dll
2007-12-12 10:18 . 2007-12-12 10:16 15,424 --a------ C:\WINXP\system32\drivers\nod32drv.sys
2007-12-12 10:15 . 2007-12-12 10:15 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Nabˇdka Start
2007-12-12 10:08 . 2007-12-12 11:47 316,640 --a------ C:\WINXP\WMSysPr9.prx
2007-12-12 10:04 . 2007-12-12 10:04 <DIR> d-------- C:\WINXP\ServicePackFiles
2007-12-12 10:00 . 2005-06-28 10:21 22,752 --a------ C:\WINXP\system32\spupdsvc.exe
2007-12-12 10:00 . 2004-07-17 11:40 19,528 --a------ C:\WINXP\002143_.tmp
2007-12-12 09:59 . 2007-12-12 10:01 <DIR> d-------- C:\Program Files\Zaloha.old
2007-12-12 09:57 . 2007-12-12 10:07 <DIR> d-------- C:\WINXP\EHome
2007-12-12 09:54 . 2007-12-12 10:24 <DIR> d-------- C:\Zaloha.old
2007-12-12 09:48 . 2003-10-13 21:10 114,688 --------- C:\WINXP\system32\ati2sgag.exe
2007-12-12 09:45 . 2007-12-12 09:45 <DIR> d-------- C:\Program Files\WinCmd
2007-12-12 09:43 . 2007-12-12 09:44 <DIR> d-------- C:\Program Files\HWiNFO32
2007-12-12 09:41 . 2008-01-10 17:05 1,280 --a------ C:\WINXP\WINCMD.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 16:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 12:22 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-12 10:49 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-10 14:39 558,142 ----a-w C:\WINXP\java\Packages\AMW05FHV.ZIP
2007-12-10 14:39 155,995 ----a-w C:\WINXP\java\Packages\HZBFDBBT.ZIP
2007-12-07 21:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-07 12:37 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-07 12:37 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-13 10:25 20,480 ----a-w C:\WINXP\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2007-12-12 10:16 949376]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 11:34 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nrt25.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINXP\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINXP\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

R0 Dgj03;Dgj03;C:\WINXP\system32\Drivers\Dgj03.sys [2007-12-19 17:19]
R0 Nrt25;Nrt25;C:\WINXP\system32\Drivers\Nrt25.sys [2008-01-10 17:18]
R1 VIAPFD;VIAPFD;C:\WINXP\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2005-11-03 12:44]
R3 PSched;Plánovač paketů technologie QoS;C:\WINXP\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62c7bfe1-a996-11dc-b211-000ea6a46c88}]
\shell\Setup\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:18:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINXP\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\NOD32\pr_imon.dll
.
Completion time: 2008-01-10 17:22:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 16:22:16
.
2008-01-09 21:17:55 --- E O F ---

Re: log ComboFix

Napsal: pát 11. led 2008, 22:54
od BUBINO
Zdravim, prajem pekny den!

Striahnite si avenger na plochu: http://www.viry.cz/forum/viewtopic.php?t=19832
Podla navodu sa dopracujte ku tomu okne a do neho skopirujte nasledovne:
Drivers to unload:
Dgj03
Nrt25

Files to delete:
C:\WINXP\NirCmd.exe
C:\WINXP\system32\drivers\Nrt25.sys
C:\WINXP\Dgj03.sys
C:\WINXP\system32\drivers\Dgj03.sys
C:\WINXP\iun6002.exe
C:\WINXP\002143_.tmp

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nrt25.sys
Done >> Semafor >> Ok.
Po restartu nabehne log z avengera c:\avenger.txt a ten dajte prosim sem.

Urobte log z IceSwoordu:
Stahnete aplikaci IceSword 1.22 -> http://download.sosej.cz/programy3/IceSword122en.zip
V aplikaci Icesword udelejte logy z:

* Process (v pripade, ze Icesword zobrazi proces cervenou barvou, zvyraznete to radcum v logu)
* Kernel Module

Napsal: pon 14. led 2008, 20:00
od vokounek
Zdravim,
pripada mi, ze Avenger se zachoval nejak divne, postupoval jsem dle postupu, vlozil dany scrip, ale po rebbotu uz mi pc nenajelo, musel jsem provest posledni konfiguraci, po najeti byl avenger log nulovy.
Co s tim dale??


Zde jsou logy z IceSwordu:
Kernel Module:

\WINXP\system32\ntoskrnl.exe
\WINXP\system32\hal.dll
\WINXP\system32\KDCOM.DLL
\WINXP\system32\BOOTVID.dll
ACPI.sys
\WINXP\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
viaide.sys
\WINXP\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINXP\System32\DRIVERS\CLASSPNP.SYS
Dgj03.sys
Nrt25.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
uagp35.sys
Mup.sys
\SystemRoot\System32\DRIVERS\amdk7.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\gameenum.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\System32\DRIVERS\fetnd5.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\VIAPFD.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\smtpdrv.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati3d2ag.dll
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\amon.sys
\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINXP\system32\ntdll.dll


Process:

System Idle Process
System
C:\Program Files\WinCmd\TOTALCMD.EXE
C:\Program Files\NOD32\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINXP\system32\wdfmgr.exe
C:\WINXP\system32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\Setup\IceSword122en\IceSword.exe
C:\WINXP\system32\ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\ati2evxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINXP\explorer.exe
C:\Program Files\NOD32\nod32kui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINXP\system32\wuauclt.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe

Napsal: pon 14. led 2008, 20:48
od BUBINO
Je to ok.

Do avengera pouzi este raz script :
Drivers to unload:
Dgj03
Nrt25

Files to delete:
C:\WINXP\system32\drivers\Nrt25.sys
C:\WINXP\Dgj03.sys
C:\WINXP\system32\drivers\Dgj03.sys
C:\WINXP\iun6002.exe
C:\WINXP\002143_.tmp
c:\Windows\System32\Drivers\ip6fw.sys

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nrt25.sys
Dajte avenger na plochu skopirujte text do okna.
Done >> Semafor >> OK
Po restarte log ktory nabehne.
Všechny časy jsou v UTC+02:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz