
Please help, I have a virus

Posted: Sun 5 Nov 2006, 13:07
by Stano K.
Please advise me how to get rid of a virus.
I have avast installed and it keeps reporting:
"Too many identical e-mails within the given time span"
I don't use any e-mail client on the PC, only the one I have at atlas.sk.
The problem is that I can hardly do anything for long, because it always throws a restart. I have 512MB in the PC; before, after Windows started, I had about 200MB in use, and now right after the system starts it is 550MB and sometimes even more. After about 5-10 minutes in Windows it throws up a window
[Image]
and then the system restarts, or it simply throws a blue screen, some countdown starts there, and then comes a restart and Windows boots again.
Please help

//EDIT adding the LOG
Logfile of HijackThis v1.99.1
Scan saved at 13:19:48, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Code:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programs\Avast4\aswUpdSv.exe
E:\Programs\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\PowerDVD\PDVDServ.exe
E:\Programs\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\audconf.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
E:\Programs\Avast4\ashMaiSv.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
E:\Programs\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
E:\Programs\DAP\DAP.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] E:\Programs\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [avast!] E:\Programs\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [audiag] C:\WINDOWS\system32\audconf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}  :oops: 

O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - AppInit_DLLs:  iasamsre.dll e1.dll diagdss.dll statdss.dll confaud.dll audstat.dll
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll
O20 - Winlogon Notify: audmgr - C:\WINDOWS\SYSTEM32\audmgr32.dll
O20 - Winlogon Notify: dssconf - C:\WINDOWS\SYSTEM32\cfgdss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programs\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programs\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programs\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programs\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Posted: Sun 5 Nov 2006, 13:58
by phz^
I see it's probably non-original Windows without patches, right; delete avast immediately, that's not an antivirus.... download nod..

Posted: Sun 5 Nov 2006, 14:04
by X-Spidy-X
Yeah, nod is the best. But it won't detect small scripts from the net... For that ad-aware is probably the best! This shutdown can be aborted in the command prompt with the command "shutdown -a", but that won't stop it from starting to shut down again after the next reset. Try ad-aware or a reinstall.
Otherwise E:\Programs\DAP\DAP.EXE - I don't know it; if you didn't download and install it yourself, turn it off and delete it ...

Posted: Sun 5 Nov 2006, 14:08
by phz^
X-Spidy-X wrote: Yeah, nod is the best. But it won't detect small scripts from the net... For that ad-aware is probably the best! This shutdown can be aborted in the command prompt with the command "shutdown -a", but that won't stop it from starting to shut down again after the next reset. Try ad-aware or a reinstall.
Otherwise E:\Programs\DAP\DAP.EXE - I don't know it; if you didn't download and install it yourself, turn it off and delete it ...

ad-aware is complete crap... SpyBot only... by the way, DAP is Download Accelerator Plus..

Posted: Sun 5 Nov 2006, 14:12
by phz^
the easiest way: paste the log from hijack here

http://www.hijackthis.de/cz

and you'll see for yourself

Posted: Sun 5 Nov 2006, 16:49
by Stano K.
First of all, thanks to everyone

- well, I uninstalled avast!
- I installed NOD32 (by the way, it tells me to update it
- but I don't know when :oops: ) - it found nothing!
- I ran SpybotSD -> update - it found nothing!
nothing so far

Posted: Sun 5 Nov 2006, 17:13
by Stano K.
phz^ wrote: the easiest way: paste the log from hijack here http://www.hijackthis.de/cz and you'll see for yourself
Tried it, it found nothing, only 4 unknown applications -> removed
still nothing!
NOD32 is trialware; can it also be upgraded, and if so, how please???
And should it run in the background like avast, or does it need to be run manually now and then???

Posted: Sun 5 Nov 2006, 17:41
by phz^
sTano11 wrote:
phz^ wrote: the easiest way: paste the log from hijack here http://www.hijackthis.de/cz and you'll see for yourself
Tried it, it found nothing, only 4 unknown applications -> removed
still nothing!
NOD32 is trialware; can it also be upgraded, and if so, how please???
And should it run in the background like avast, or does it need to be run manually now and then???

nod is a 30-day trial, but the updates always work... (stahuj.cz)

no other antivirus in the background....

Posted: Sun 5 Nov 2006, 18:37
by Stano K.
One more little question: right now I have kerio (running in the background), then I also have NOD32 and SpybotSD. I also tried Ad-aware and it won't start; I'll try reinstalling it and see. Is this enough for protection??? What else do you recommend?
By the way, thanks for the advice. :wink:

Posted: Sun 5 Nov 2006, 19:23
by Baron Prášil
well, sTano11, first use Avenger http://www.viry.cz/forum/viewtopic.php?t=21484
and the current script
http://www.viry.cz/avenger/stration.txt

do it at least 2x and then post a new HijackThis log here
(you have plenty of beasts of the Warezov/Stration family in there)

Posted: Sun 5 Nov 2006, 20:25
by Stano K.
Baron Prášil wrote: well...
and now the LOG:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 20:21:31, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
E:\Programs\Winamp\Winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}  :oops: http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Posted: Sun 5 Nov 2006, 21:06
by Baron Prášil
it cleaned that up nicely!

now fix these in HijackThis

O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll

then get rid of them using killbox
download killbox
http://www.bleepingcomputer.com/files/s ... illBox.zip
unpack it, run it, and copy the bold lines into the box
C:\WINDOWS\system32\dssconf.exe
C:\WINDOWS\system32\atkcadpt.dll

tick Delete on Reboot and Unregister .dll Before Deleting
and click the cross. the machine will go into a restart

after the restart send one more log for checking

Posted: Sun 5 Nov 2006, 21:26
by Stano K.
Baron Prášil wrote: after the restart send one more log for checking
so

Code:

Logfile of HijackThis v1.99.1
Scan saved at 21:24:39, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - AppInit_DLLs:  iasamsre.dll diagdss.dll statdss.dll
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Posted: Sun 5 Nov 2006, 22:00
by Baron Prášil
most of it is gone, but something else showed up there, so use Avenger again with this modified script

Code:

Files to delete:
%windir%\cc2.exe                     
%windir%\cc3.exe                    
%windir%\hv4e05.dll
%windir%\chater.exe               
%windir%\msout.exe 
nd%windir%\serrv.c
%windir%\serrv.exe
%windir%\serrv.wax 
%windir%\serv.exe
%windir%\serv.wax
%windir%\sserrvv.exe 
%windir%\system32\actidmoc.exe
%windir%\system32\alerter.exe
%windir%\system32\atrconf.exe                     
%windir%\system32\attmgr32.dll                     
%windir%\system32\attstat.dll                  
%windir%\system32\audconf.exe           
%windir%\system32\audmgr32.dll           
%windir%\system32\audstat.dll
%windir%\system32\brwconf.exe
%windir%\system32\brwmgr32.dll
%windir%\system32\brwstat.dll           
%windir%\system32\cfgd3d.dll           
%windir%\system32\cfgmmprm.dll                     
%windir%\system32\confatt.dll           
%windir%\system32\confaud.dll           
%windir%\system32\confbrw.dll                    
%windir%\system32\confcon.dll                     
%windir%\system32\confega.dll
%windir%\system32\conmgr32.dll                     
%windir%\system32\conperf.exe                     
%windir%\system32\conprf32.dll                     
%windir%\system32\constat.dll               
%windir%\system32\cp8xpqj.dll           
%windir%\system32\cssewmpd
%windir%\system32\decconf.exe                  
%windir%\system32\dfssrasc.dll                    
%windir%\system32\dfssrasc.exe              
%windir%\system32\diagd3d.dll                 
%windir%\system32\dmimmdt2.exe                     
%windir%\system32\dpugmswe.dll
%windir%\system32\dssconf.exe                     
%windir%\system32\dxtmsft3.dll
%windir%\system32\e1.dll                     
%windir%\system32\egaavi.exe
%windir%\system32\egamgr32.dll                     
%windir%\system32\egastat.dll                     
%windir%\system32\egperf32.dll                     
%windir%\system32\evenncob.dll                     
%windir%\system32\fsxsh4.dll                     
%windir%\system32\gtmqf608r7.dll
%windir%\system32\hypewmv9.exe                     
%windir%\system32\ipsecmon.exe
%windir%\system32\ipsmwebh.exe                    
%windir%\system32\ipxpextm.exe                     
%windir%\system32\ipxwshel.exe
%windir%\system32\iuennwcf.dll 
%windir%\system32\ixsswmas.exe                     
%windir%\system32\j2t3crh.dll
%windir%\system32\jgdwadsn.dll               
%windir%\system32\jgdwadsn.exe           
%windir%\system32\kbdfwshe.exe 
%windir%\system32\lprmneth.dll                     
%windir%\system32\lprmneth.exe
%windir%\system32\ml7swr.exe                    
%windir%\system32\mp4sglmf.dll                     
%windir%\system32\mqadscp3.exe 
%windir%\system32\msihftpw.dll                     
%windir%\system32\msisnwcf.dll
%windir%\system32\msrdtscf.exe
%windir%\system32\mstsodbc.exe
%windir%\system32\narrwshr.dll
%windir%\system32\netfrtm.dll
%windir%\system32\offfmsre.dll
%windir%\system32\psapdani.dll
%windir%\system32\psbaavic.dll              
%windir%\system32\psbamtxe.dll
%windir%\system32\regaufat.dll 
%windir%\system32\samsusrr.dll                     
%windir%\system32\samsusrr.exe                     
%windir%\system32\scsm.exe                     
%windir%\system32\shsvmdim.dll
%windir%\system32\snmpmmcn.dll
%windir%\system32\statd3d.dll                  
%windir%\system32\sysshtic.dll                     
%windir%\system32\sysshtic.exe               
%windir%\system32\trkwpipa.exe
%windir%\system32\tscfvjoy.dll
%windir%\system32\ujn6oqt.dll                     
%windir%\system32\ulibofff.exe
%windir%\system32\uregdeve.dll
%windir%\system32\uregdeve.exe                     
%windir%\system32\vbscqdv.exe
%windir%\system32\vdshlicw.exe                     
%windir%\system32\vmhevnet.dll                     
%windir%\system32\vmhevnet.exe               
%windir%\system32\w3sskbda.dll              
%windir%\system32\winbpowr.exe                  
%windir%\system32\wmnecomc.dll 
%windir%\system32\wmpcskdl.dll
%windir%\system32\wshtlprh.dll
%windir%\system32\wupstlnt.dll 
%windir%\system32\xactcomr.exe  
%windir%\system32\yapconf.exe 
%windir%\t2serv.dll 
%windir%\t2serv.s 
%windir%\t2serv.wax
%windir%\msupdtwiz.exe
%windir%\cc5.exe
%windir%\diagdss.dll
%windir%\iasamsre.dll
%windir%\statdss.dll


Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psbamtxe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iasamsre
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\diagdss
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\statdss

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | audiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | brwdiag 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ciodiag 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | davctool
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | egdiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ipxwshel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mqadscp3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | serv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | sserrvv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | t2serv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ulibofff
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msupdtwiz
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | chater.exe
then a new log from HJT

edit// sorry for the change to the script :sad:
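
Added example (not part of the original post, and not Avenger's or HijackThis's own code): a Python cross-check of which autostart entries in a HijackThis log (O4 Run values, O20 AppInit_DLLs and Winlogon Notify) load a file named in an Avenger script's "Files to delete:" section. The sample log and script are constructed from a few lines quoted in this thread, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dssdiag] C:\WINDOWS\system32\dssconf.exe
O4 - HKLM\..\Run: [audiag] C:\WINDOWS\system32\audconf.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs:  iasamsre.dll diagdss.dll statdss.dll
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll (file missing)
O20 - Winlogon Notify: audmgr - C:\WINDOWS\SYSTEM32\audmgr32.dll
"""

# Constructed sample: a shortened Avenger script using entries from the post above.
SAMPLE_SCRIPT = r"""
Files to delete:
%windir%\system32\audconf.exe
%windir%\system32\audmgr32.dll
%windir%\system32\dssconf.exe
%windir%\diagdss.dll
%windir%\iasamsre.dll
%windir%\statdss.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr
"""

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")
# File-name component of a path or command line (names containing spaces are not handled).
FILE_RE = re.compile(r'[^\\\s",]+\.(?:exe|dll)\b', re.IGNORECASE)


def file_names(text):
    """Lower-cased .exe/.dll names mentioned in a command line or path."""
    return {name.lower() for name in FILE_RE.findall(text)}


def parse_persistence(log):
    """Return (kind, name, files) for each O4 Run and O20 autostart entry."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(("Run", m.group(1), file_names(m.group(2))))
        elif m := APPINIT_RE.match(line):
            # One AppInit_DLLs value lists several DLLs; report each on its own.
            for dll in m.group(1).split():
                entries.append(("AppInit_DLLs", dll, {dll.lower()}))
        elif m := NOTIFY_RE.match(line):
            entries.append(("Winlogon Notify", m.group(1), file_names(m.group(2))))
    return entries


def parse_script_files(script):
    """Lower-cased base names listed under the script's 'Files to delete:' header."""
    section, names = None, set()
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line  # a new section header such as 'Registry keys to delete:'
        elif section == "Files to delete:":
            names.add(ntpath.basename(line).lower())
    return names


def split_by_coverage(log, script):
    """Split autostart entries by whether the script deletes a file they load.

    Matching is by base name only, so the directory is not compared.
    """
    targets = parse_script_files(script)
    covered, uncovered = [], []
    for kind, name, files in parse_persistence(log):
        (covered if files & targets else uncovered).append((kind, name))
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = split_by_coverage(SAMPLE_LOG, SAMPLE_SCRIPT)
    for kind, name in covered:
        print("file in script    :", kind, name)
    for kind, name in uncovered:
        print("not in script     :", kind, name)
```

An entry reported as not in the script is neither clean nor malicious by that fact alone; it is simply one the script leaves untouched, such as atkcadpt, which this thread handles separately with KillBox.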

Posted: Sun 5 Nov 2006, 22:10
by Stano K.

Code:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:08, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Install\utorrent-1.6.1-beta-build-483.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\WINDOWS\System32\cisvc.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\sTano\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "E:\Install\utorrent-1.6.1-beta-build-483.exe"
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Clean Traces - E:\Programs\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programs\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programs\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - E:\Programs\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A0C3AD-B782-419B-8136-AD69CCD84769}: NameServer = 172.20.0.1
O20 - Winlogon Notify: atkcadpt - C:\WINDOWS\system32\atkcadpt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programs\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Posted: Sun 5 Nov 2006, 22:13
by Baron Prášil
yep, it should be OK.
how is the computer behaving?

Thank you sooo much!!!

Posted: Sun 5 Nov 2006, 22:22
by Stano K.
Baron Prášil wrote: yep, it should be OK.
how is the computer behaving?
OK, in my opinion really great, I guess :oops:
the restarts are gone, memory is back to about 200MB in use,
and even the more demanding programs no longer crash
Thank you very much :worship:

PS: how you knew what to do with this would really interest me; you don't happen to tutor, do you :?

Posted: Sun 5 Nov 2006, 22:35
by Shit
phz^ wrote: ...delete avast immediately, that's not an antivirus.... download nod..
There are also antivirus programs that have considerably better detection capabilities than Avast and are legally free (the full version of NOD32 is paid software).... And updates for NOD32 trial versions are "a bit" delayed compared with the paid full versions of NOD32....

And on the other hand: don't condemn Avast, it's not a bad product.... (it has some features that neither NOD32 nor Kaspersky has) -> but there are better freeware antiviruses too .... :wink:

Re: Thank you sooo much!!!

Posted: Sun 5 Nov 2006, 23:08
by Baron Prášil
you're welcome :)
PS: how you knew what to do with this would really interest me; you don't happen to tutor, do you :?
I'm learning myself :oops:
otherwise I recommend http://viry.cz/forum/ and Google
there are tons of study material there

Re: Thank you sooo much!!!

Posted: Mon 6 Nov 2006, 19:23
by Stano K.
Baron Prášil wrote: otherwise I recommend http://viry.cz/forum/
Thanks, I guess I'll go register there :wink: