ALERT VIRUS
Hi everyone, could someone please advise me what to do so that the ALERT VIRUS icon ("Your PC is threatened by a virus .....") stops constantly appearing on the taskbar? I ran ADAWARE, CCLEANER, SEARCH&DESTROY, NOD32. The PC is apparently clean, but NOD32 found some viruses in TEMP and that is probably the problem. I ran KILLBOX, where I entered that path, but it did not find it. Thanks
VIRUS ALERT !
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 20:31:23, on 24.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\Winampa.exe
C:\DRIVERS\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\DRIVERS\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0977899195
O17 - HKLM\System\CCS\Services\Tcpip\..\{93A193D5-5DDA-4E4F-AB32-F87E802AB7AA}: NameServer = 194.228.41.65 194.228.41.113
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
- mijaja
So you have already managed to get some vermin in there.
Fix these lines in HijackThis:
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
Fix this, then find the file marked in red on the disk and delete it. Ideally the whole RXToolbar folder. Then empty the Temp, Temporary Internet Files and Recycle Bin folders and restart. Post a new log for checking.
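The check a helper performs by eye on these logs, as an added example that is not part of the original posts: it parses HijackThis entry lines, flags entries whose target file is reported as `(no file)` or `(file missing)`, and diffs a before/after pair of logs to confirm which entries a fix removed. The function names are assumptions made for this example, and the two sample logs are short excerpts constructed from lines in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed excerpts: header lines plus a few entry lines copied from the
# first and second logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str       # section code, e.g. "O2"
    body: str       # everything after "CODE - "
    orphaned: bool  # True when the target file is reported missing


def parse_entries(log_text: str) -> List[Entry]:
    """Return the registry/startup entries, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            body = match["body"]
            entries.append(Entry(match["code"], body, bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file which no longer exists on disk."""
    return [e for e in entries if e.orphaned]


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two logs, in log order."""
    old, new = parse_entries(before), parse_entries(after)
    old_keys = {(e.code, e.body) for e in old}
    new_keys = {(e.code, e.body) for e in new}
    removed = [e for e in old if (e.code, e.body) not in new_keys]
    added = [e for e in new if (e.code, e.body) not in old_keys]
    return removed, added


if __name__ == "__main__":
    for e in orphaned(parse_entries(LOG_BEFORE)):
        print("orphaned:", e.code, e.body)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("removed: ", e.code, e.body)
    for e in added:
        print("added:   ", e.code, e.body)
```

The O18 filter entry is not flagged as orphaned because its DLL was present when the log was taken, so the missing-file marker alone would not have selected it; the diff shows it was removed along with the two orphaned entries.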
VIRUS ALERT !
So I checked those items and cleared TEMP, but I could not find sfcont.dll in the search, nor RXToolbar. I restarted and it is there again. Here is the HJT:
Logfile of HijackThis v1.99.1
Scan saved at 21:23:46, on 24.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\Winampa.exe
C:\DRIVERS\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\DRIVERS\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0977899195
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
- mijaja
Fine, the log is clean now. So is it still popping up? If so, we will have to do a more thorough scan with MWAV.
If I were you, I would get rid of BearShare; it is a program that drags malware along with it. Or at least fix it in HJT:
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
VIRUS ALERT !
I fixed BEARSHARE, but it keeps blinking. I don't know what the MWAV is that you wrote we would use to clean it, so please advise me what to do next and how. But let's leave it for tomorrow. Thanks
VIRUS ALERT !
So I ran MWAV and it reported a lot, so I will try to send the things you told me about:
File C:\WINDOWS\system32\ld7FB9.tmp infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
ERROR!!! Invalid Entry eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry \??\D:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
Sat Mar 25 10:52:02 2006 => Loading Spyware Signatures from new External Database (Size: 154365).
Sat Mar 25 10:52:10 2006 => Indexed Spyware Databases Successfully Created...
Sat Mar 25 10:52:16 2006 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Sat Mar 25 10:52:17 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\ares !!!
Sat Mar 25 10:52:17 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:17 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sat Mar 25 10:52:17 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKLM\Software\kazaa !!!
Sat Mar 25 10:52:18 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\Software\ares !!!
Sat Mar 25 10:52:18 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\Software\kazaa !!!
Sat Mar 25 10:52:18 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\ares !!!
Sat Mar 25 10:52:18 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:19 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ares !!!
Sat Mar 25 10:52:19 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending Folder found: C:\WINDOWS\system32\1024
Sat Mar 25 10:52:20 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\dfrgsrv.exe
Sat Mar 25 10:52:20 2006 => System found infected with spyfalcon Trojan (dfrgsrv.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\ginuerep.dll
Sat Mar 25 10:52:20 2006 => System found infected with spyfalcon Trojan (ginuerep.dll)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\ncompat.tlb
Sat Mar 25 10:52:20 2006 => System found infected with smitfraud variant Browser Hijacker (ncompat.tlb)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\nvctrl.exe
Sat Mar 25 10:52:20 2006 => System found infected with trojan.zlob.e Browser Hijacker (nvctrl.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\ot.ico
Sat Mar 25 10:52:20 2006 => System found infected with smitfraud variant Browser Hijacker (ot.ico)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending Folder found: C:\Program Files\ares
Sat Mar 25 10:52:20 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:21 2006 => Offending Folder found: C:\Documents and Settings\liska\Data aplikací\limewire
Sat Mar 25 10:52:21 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:22 2006 => Offending file found: C:\Documents and Settings\liska\Oblíbené položky\antivirus test online.url
Sat Mar 25 10:52:22 2006 => System found infected with smitfraud variant Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.
Sat Mar 25 10:52:23 2006 => Offending Folder found: C:\Documents and Settings\liska\Nabídka Start\programy\ares
Sat Mar 25 10:52:23 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:23 2006 => Offending Folder found: C:\Documents and Settings\liska\Nabídka Start\Programy\ares
Sat Mar 25 10:52:23 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:23 2006 => Offending Folder found: C:\Documents and Settings\liska\Local Settings\data aplikací\ares
Sat Mar 25 10:52:23 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:24 2006 => Offending Folder found: C:\Documents and Settings\liska\Local Settings\Data aplikací\ares
Sat Mar 25 10:52:24 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:27 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\online security guide.url
Sat Mar 25 10:52:27 2006 => System found infected with smitfraud variant Browser Hijacker (online security guide.url)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\security troubleshooting.url
Sat Mar 25 10:52:28 2006 => System found infected with smitfraud variant Browser Hijacker (security troubleshooting.url)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\WINDOWS\system32\uninstall.exe
Sat Mar 25 10:52:28 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINDOWS\system32\uninstall.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\WINDOWS\system32\ctfmon.exe
Sat Mar 25 10:52:28 2006 => System found infected with family keylogger Commercial KeyLogger (C:\WINDOWS\system32\ctfmon.exe)! Action taken: No Action Taken.
File C:\WINDOWS\system32\ld7FB9.tmp infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Altnet.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Altnet.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\InstaFink.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\InstaFink.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\InstaFink.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Overview.ini [**]
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap1.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap1.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap1.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec1.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec1.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec1.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec2.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec2.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec2.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec3.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec3.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec3.zip not Scanned. Possibly password protected...
Sat Mar 25 11:23:10 2006 => File C:\Program Files\ESET\infected\0DSBN0DA.NQF tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Sat Mar 25 11:23:11 2006 => File C:\Program Files\ESET\infected\4DZAN3CA.NQF tagged as "not-a-virus:AdWare.Win32.Gator.3124". Action Taken: No Action Taken.
Sat Mar 25 11:23:11 2006 => File C:\Program Files\ESET\infected\5B0BNVCA.NQF tagged as "not-a-virus:AdWare.Win32.Gator.3124". Action Taken: No Action Taken.
Sat Mar 25 11:23:12 2006 => File C:\Program Files\ESET\infected\D0YMUHDA.NQF tagged as "not-a-virus:Porn-Dialer.Win32.InstantAccess.q". Action Taken: No Action Taken.
Sat Mar 25 11:23:18 2006 => File C:\Program Files\ESET\infected\FLIKMIBA.NQF tagged as "not-a-virus:AdWare.Win32.BetterInternet.ba". Action Taken: No Action Taken.
Sat Mar 25 11:23:19 2006 => File C:\Program Files\ESET\infected\HV4C4HBA.NQF infected by "Trojan-Downloader.Win32.Zlob.is" Virus! Action Taken: No Action Taken.
Sat Mar 25 11:23:23 2006 => File C:\Program Files\ESET\infected\JBSSV0DA.NQF tagged as "not-a-virus:AdWare.Win32.Altnet.d". Action Taken: No Action Taken.
Sat Mar 25 11:23:23 2006 => File C:\Program Files\ESET\infected\KBT3PACA.NQF tagged as "not-a-virus:Porn-Dialer.Win32.FreeFoto". Action Taken: No Action Taken.
Sat Mar 25 11:23:23 2006 => File C:\Program Files\ESET\infected\MVAZ11AA.NQF infected by "Trojan-Downloader.Win32.Small.ayl" Virus! Action Taken: No Action Taken.
Sat Mar 25 11:23:27 2006 => File C:\Program Files\ESET\infected\NT1S4PDA.NQF tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
Sat Mar 25 11:23:27 2006 => File C:\Program Files\ESET\infected\PNCNIGDA.NQF tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Sat Mar 25 11:23:31 2006 => File C:\Program Files\ESET\infected\SWUVYVDA.NQF tagged as "not-a-virus:AdWare.Win32.Altnet.b". Action Taken: No Action Taken.
Sat Mar 25 11:23:31 2006 => File C:\Program Files\ESET\infected\T05VHGCA.NQF infected by "Trojan-Downloader.Win32.Small.ayl" Virus! Action Taken: No Action Taken.
Sat Mar 25 11:23:31 2006 => File C:\Program Files\ESET\infected\VFFUCFCA.NQF infected by "Trojan-Downloader.Win32.Small.ayl" Virus! Action Taken: No Action Taken.
Sat Mar 25 12:35:36 2006 => File C:\WINDOWS\system32\ld7FB9.tmp infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
Sat Mar 25 12:38:25 2006 => ***** Checking for specific ITW Viruses *****
Sat Mar 25 12:38:26 2006 => Checking for Welchia Virus...
Sat Mar 25 12:38:26 2006 => Checking for LovGate Virus...
Sat Mar 25 12:38:26 2006 => Checking for CodeRed Virus...
Sat Mar 25 12:38:26 2006 => Checking for OpaServ Virus...
Sat Mar 25 12:38:26 2006 => Checking for Sobig.e Virus...
Sat Mar 25 12:38:26 2006 => Checking for Winupie Virus...
Sat Mar 25 12:38:26 2006 => Checking for Swen Virus...
Sat Mar 25 12:38:26 2006 => Checking for JS.Fortnight Virus...
Sat Mar 25 12:38:26 2006 => Checking for Novarg Virus...
Sat Mar 25 12:38:26 2006 => Checking for Pagabot Virus...
Sat Mar 25 12:38:26 2006 => Checking for Parite.b Virus...
Sat Mar 25 12:38:26 2006 => Checking for Parite.a Virus...
Sat Mar 25 12:38:26 2006 => Checking for Adware.SeekSeek Virus...
Sat Mar 25 12:38:26 2006 => ***** Scanning complete. *****
Sat Mar 25 12:38:26 2006 => Total Objects Scanned: 59949
Sat Mar 25 12:38:26 2006 => Total Critical Objects: 44
Sat Mar 25 12:38:26 2006 => Total Disinfected Objects: 0
Sat Mar 25 12:38:26 2006 => Total Objects Renamed: 0
Sat Mar 25 12:38:26 2006 => Total Deleted Objects: 0
Sat Mar 25 12:38:26 2006 => Total Errors: 16
Sat Mar 25 12:38:26 2006 => Time Elapsed: 01:48:48
Sat Mar 25 12:38:26 2006 => Virus Database Date: 3/24/2006
Sat Mar 25 12:38:26 2006 => Virus Database Count: 183808
Sat Mar 25 12:38:26 2006 => Scan Completed.
There's probably some extra stuff in there too, but I don't know which, so don't be mad that there's so much of it.
File C:\WINDOWS\system32\ld7FB9.tmp infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
ERROR!!! Invalid Entry eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry \??\D:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
Sat Mar 25 10:52:02 2006 => Loading Spyware Signatures from new External Database (Size: 154365).
Sat Mar 25 10:52:10 2006 => Indexed Spyware Databases Successfully Created...
Sat Mar 25 10:52:16 2006 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Sat Mar 25 10:52:17 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\ares !!!
Sat Mar 25 10:52:17 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:17 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sat Mar 25 10:52:17 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKLM\Software\kazaa !!!
Sat Mar 25 10:52:18 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\Software\ares !!!
Sat Mar 25 10:52:18 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\Software\kazaa !!!
Sat Mar 25 10:52:18 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\ares !!!
Sat Mar 25 10:52:18 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:19 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ares !!!
Sat Mar 25 10:52:19 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending Folder found: C:\WINDOWS\system32\1024
Sat Mar 25 10:52:20 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\dfrgsrv.exe
Sat Mar 25 10:52:20 2006 => System found infected with spyfalcon Trojan (dfrgsrv.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\ginuerep.dll
Sat Mar 25 10:52:20 2006 => System found infected with spyfalcon Trojan (ginuerep.dll)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\ncompat.tlb
Sat Mar 25 10:52:20 2006 => System found infected with smitfraud variant Browser Hijacker (ncompat.tlb)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\nvctrl.exe
Sat Mar 25 10:52:20 2006 => System found infected with trojan.zlob.e Browser Hijacker (nvctrl.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\ot.ico
Sat Mar 25 10:52:20 2006 => System found infected with smitfraud variant Browser Hijacker (ot.ico)! Action taken: No Action Taken.
Sat Mar 25 10:52:20 2006 => Offending Folder found: C:\Program Files\ares
Sat Mar 25 10:52:20 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:21 2006 => Offending Folder found: C:\Documents and Settings\liska\Data aplikací\limewire
Sat Mar 25 10:52:21 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:22 2006 => Offending file found: C:\Documents and Settings\liska\Oblíbené položky\antivirus test online.url
Sat Mar 25 10:52:22 2006 => System found infected with smitfraud variant Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.
Sat Mar 25 10:52:23 2006 => Offending Folder found: C:\Documents and Settings\liska\Nabídka Start\programy\ares
Sat Mar 25 10:52:23 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:23 2006 => Offending Folder found: C:\Documents and Settings\liska\Nabídka Start\Programy\ares
Sat Mar 25 10:52:23 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:23 2006 => Offending Folder found: C:\Documents and Settings\liska\Local Settings\data aplikací\ares
Sat Mar 25 10:52:23 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:24 2006 => Offending Folder found: C:\Documents and Settings\liska\Local Settings\Data aplikací\ares
Sat Mar 25 10:52:24 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 25 10:52:27 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\online security guide.url
Sat Mar 25 10:52:27 2006 => System found infected with smitfraud variant Browser Hijacker (online security guide.url)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\security troubleshooting.url
Sat Mar 25 10:52:28 2006 => System found infected with smitfraud variant Browser Hijacker (security troubleshooting.url)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\WINDOWS\system32\uninstall.exe
Sat Mar 25 10:52:28 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINDOWS\system32\uninstall.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\WINDOWS\system32\ctfmon.exe
Sat Mar 25 10:52:28 2006 => System found infected with family keylogger Commercial KeyLogger (C:\WINDOWS\system32\ctfmon.exe)! Action taken: No Action Taken.
File C:\WINDOWS\system32\ld7FB9.tmp infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Altnet.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Altnet.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\InstaFink.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\InstaFink.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\InstaFink.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Overview.ini [**]
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap1.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap1.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\PestTrap1.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC.zip is Not Scanned
Sat Mar 25 10:56:14 2006 => C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC.zip not Scanned. Possibly password protected...
Sat Mar 25 10:56:14 2006 => Scanning File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip is Not Scanned
- mijaja
Well, I hope that's the complete list of the nasties you have on your computer. First of all, empty (delete) the quarantine in NOD and in Spybot. A large part of this log belongs to them. Next:
Try testing the file GMSIPCI.SYS on Jottiscan - I don't know whether you'll find it - it appears to be corrupted. Turn on the display of hidden and system files and try it via Search...
Do you have Ares Galaxy installed for p2p? - it's infested > Object "ares Spyware/Adware"
The same goes for Kazaa - I don't know whether there are any other, more reputable programs that work the same way as these two, but as long as you keep these installed, they will keep dragging junk onto your computer. Ideal solution = get rid of both!
C:\WINDOWS\system32\ld7FB9.tmp
C:\WINDOWS\system32\dfrgsrv.exe
C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\ginuerep.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\uninstall.exe - careful here - in this location it is junk! In other folders, belonging to other programs, it is usually legitimate. You must not get the location wrong here.
Find the files marked in red on the disk and delete them - use the Search function as well ... If any of them can't be deleted, or you can't find it, let me know and we'll work out the next step.
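The triage done by hand in the reply above (detections that sit inside the NOD32 and Spybot quarantine folders versus files still live in system32), as an added Python example that is not part of the original thread. The function names are hypothetical; the sample lines are copied from the log quoted in this thread.

```python
import re

# Folders where NOD32 and Spybot keep already-isolated copies (paths as they
# appear in the log quoted in this thread); hits under them are not live files.
QUARANTINE_DIRS = (
    "\\eset\\infected\\",
    "\\spybot - search & destroy\\recovery\\",
)

# "File <path> infected by|tagged as "<name>"" (with or without a timestamp).
DETECTION = re.compile(
    r'File (?P<path>[A-Za-z]:\\.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"')
# "Offending file|Folder found: <path>" (registry "Key" lines are ignored).
OFFENDING = re.compile(
    r'=> Offending (?:file|folder) found: (?P<path>.+)$', re.IGNORECASE)
# "File <path> is Not Scanned" (e.g. password-protected quarantine archives).
UNSCANNED = re.compile(r'File (?P<path>[A-Za-z]:\\.+?) is Not Scanned')

# Sample input: lines copied from the scanner log posted in this thread.
SAMPLE_LOG = r'''
Sat Mar 25 10:52:20 2006 => Offending file found: C:\WINDOWS\system32\dfrgsrv.exe
Sat Mar 25 10:52:20 2006 => System found infected with spyfalcon Trojan (dfrgsrv.exe)! Action taken: No Action Taken.
Sat Mar 25 10:52:28 2006 => Offending file found: C:\WINDOWS\system32\uninstall.exe
Sat Mar 25 10:56:14 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\Vcodec.zip is Not Scanned
Sat Mar 25 11:23:19 2006 => File C:\Program Files\ESET\infected\HV4C4HBA.NQF infected by "Trojan-Downloader.Win32.Zlob.is" Virus! Action Taken: No Action Taken.
Sat Mar 25 11:23:23 2006 => File C:\Program Files\ESET\infected\JBSSV0DA.NQF tagged as "not-a-virus:AdWare.Win32.Altnet.d". Action Taken: No Action Taken.
Sat Mar 25 12:35:36 2006 => File C:\WINDOWS\system32\ld7FB9.tmp infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken.
'''


def in_quarantine(path):
    """True if the path lies inside a known quarantine/recovery folder."""
    return any(d in path.lower() for d in QUARANTINE_DIRS)


def triage(log_text):
    """Sort findings into live files, quarantined copies and unscanned files.

    'live' and 'quarantine' map path -> detection name (None if the log only
    said "Offending file found"); 'unscanned' maps path -> in_quarantine flag.
    """
    buckets = {"live": {}, "quarantine": {}, "unscanned": {}}
    for line in log_text.splitlines():
        line = line.strip()
        m = UNSCANNED.search(line)
        if m:
            buckets["unscanned"][m["path"]] = in_quarantine(m["path"])
            continue
        m = DETECTION.search(line) or OFFENDING.search(line)
        if not m:
            continue
        path = m["path"].strip()
        name = m.groupdict().get("name")
        bucket = buckets["quarantine" if in_quarantine(path) else "live"]
        # Keep the first detection name seen; a later line may supply one
        # for a path first reported only as "Offending file found".
        if bucket.get(path) is None:
            bucket[path] = name
    return buckets


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for path, info in items.items():
            print("   ", path, "->", info)
```

Only the entries in the `live` bucket need removal work; the `quarantine` and `unscanned` entries disappear once the quarantines are emptied.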
VIRUS ALERT !
I emptied the quarantines. I didn't find GMSIPCI.SYS. I wasn't able to remove:
ld7FB9.tmp
dfrgsrv.exe
ginuerep.dll
I don't feel like getting rid of ARES. Is it possible to clean it regularly somehow, each time after downloading?
- mijaja
The mess is already somehow inside it, so cleaning = deleting the infected files - you'd have to test which of them is the bad one - it may be just one of its files, and perhaps a clean copy could be found somewhere, from someone(?)
For the files you couldn't find, download Killbox and run it - paste these 3 paths into the line (copy them exactly as written):
C:\WINDOWS\system32\ld7FB9.tmp
C:\WINDOWS\system32\dfrgsrv.exe
C:\WINDOWS\system32\ginuerep.dll
press Delete on reboot + unregister dll before deleting
press the circle with the cross.