stále pc něco stahuje a zaplnuje se disk (vyřešeno)
stále pc něco stahuje a zaplnuje se disk (vyřešeno)
prosím pomoc!
-
Guivan5
- Level 2.5
- Příspěvky: 251
- Registrován: září 06
- Bydliště: Praha 8
- Pohlaví:
- Stav:
Offline
- Kontakt:
hoď sem log z hijackthis (v podpisu)
HDD 250 GB, ATI Radeon X1550 512 MB, 1024 MB RAM, Intel Pentium D820 2,8Ghz...
Windows XP Media Center Edition SP2, Spyware Terminator, NOD32 2.7, Zone Alarm
HiJackThis, CCleaner, MWAV,Jottiscan, KillBox, VirusTotall
TweakUI
Windows XP Media Center Edition SP2, Spyware Terminator, NOD32 2.7, Zone Alarm
HiJackThis, CCleaner, MWAV,Jottiscan, KillBox, VirusTotall
TweakUI
Logfile of HijackThis v1.99.1
Scan saved at 17:38:32, on 21.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Michal\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Michal\LOCALS~1\Temp\kavss.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1373061968
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
tohle našel mwaw
Sat Oct 21 17:22:27 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Sat Oct 21 17:22:27 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Oct 21 17:22:27 2006 => Loading Spyware Signatures from new External Database (Size: 172588).
Sat Oct 21 17:22:28 2006 => Indexed Spyware Databases Successfully Created...
Sat Oct 21 17:22:30 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Sat Oct 21 17:23:20 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:20 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sat Oct 21 17:23:20 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:20 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sat Oct 21 17:23:20 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:20 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sat Oct 21 17:23:20 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:31 2006 => Checking CLSID Reference Entries...
Sat Oct 21 17:23:32 2006 => Entry "HKCR\Microsoft.ActiveXPlugin" refers to invalid object "{06DD38D3-D187-11CF-A80D-00C04FD74AD8}". Action Taken: No Action Taken.
Sat Oct 21 17:23:32 2006 => Entry "HKCR\Microsoft.ActiveXPlugin.1" refers to invalid object "{06DD38D3-D187-11CF-A80D-00C04FD74AD8}". Action Taken: No Action Taken.
Scan saved at 17:38:32, on 21.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Michal\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Michal\LOCALS~1\Temp\kavss.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1373061968
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
tohle našel mwaw
Sat Oct 21 17:22:27 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Sat Oct 21 17:22:27 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Oct 21 17:22:27 2006 => Loading Spyware Signatures from new External Database (Size: 172588).
Sat Oct 21 17:22:28 2006 => Indexed Spyware Databases Successfully Created...
Sat Oct 21 17:22:30 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Sat Oct 21 17:23:20 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:20 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sat Oct 21 17:23:20 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:20 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sat Oct 21 17:23:20 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:20 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sat Oct 21 17:23:20 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 21 17:23:31 2006 => Checking CLSID Reference Entries...
Sat Oct 21 17:23:32 2006 => Entry "HKCR\Microsoft.ActiveXPlugin" refers to invalid object "{06DD38D3-D187-11CF-A80D-00C04FD74AD8}". Action Taken: No Action Taken.
Sat Oct 21 17:23:32 2006 => Entry "HKCR\Microsoft.ActiveXPlugin.1" refers to invalid object "{06DD38D3-D187-11CF-A80D-00C04FD74AD8}". Action Taken: No Action Taken.
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
V Hijackthis logu nemáš nic, a žádný běžící proces by ti neměl nic do kompu stahovat. v Mwavu máš jen pár pozůstatků po šmejdech:
HKLM\Software\microsoft\downloadmanager
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
Ty červené najdi a vymaž. Vyzkoušej RootkitRevealer(link Důležité...)
Co ti píše Kerio?
HKLM\Software\microsoft\downloadmanager
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
Ty červené najdi a vymaž. Vyzkoušej RootkitRevealer(link Důležité...)
Co ti píše Kerio?
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 27 hostů