Prosím Vás o kontrolu logu z HJT. Hodně se mi zpomalilo načítání stránek na internetu, tak se prosím podívejte jestli tam není něco špatného a nemá to na to vliv. Nevím jestli to tak mábýt ale při spuštění IE se mi zdá, že mi něco stahuje data, protože odesílání dat je mnohem větší než dat přijímaných a přitom nic neodesílám. Je to tak tři dny se objem odesílaných dat o mnoho zvýšil. Děkuju
A tady je konečně ten HJT :
Logfile of HijackThis v1.99.1
Scan saved at 21:03:18, on 13.6.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
HJT
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
V HJT logu fixni jen tohle:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Možná to dělá ta accoona:
Asi bude lepší log z MWAVu.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Možná to dělá ta accoona:
The Accoona toolbar is classified as adware or spyware by some malware removal programs. Some people feel they have been tricked into installing the toolbar without their knowledge or consent. Others install it knowingly without understanding what it is, and are confused by it.
Asi bude lepší log z MWAVu.
HJT
Spustil jsem MWAV a z toho logu jsem se snažil vytáhnout ty viry co mi to napsalo, když tak pošlu celý log ale z toho by jsi se asi zbláznil :
Tue Jun 13 22:42:11 2006 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Tue Jun 13 22:42:15 2006 => Offending Folder found: C:\Program Files\xolox
Tue Jun 13 22:42:15 2006 => Object "xolox Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 13 22:42:18 2006 => Offending Folder found: C:\Documents and Settings\PC\Nabídka Start\programy\xolox
Tue Jun 13 22:42:18 2006 => Object "xolox Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 13 22:42:18 2006 => Offending Folder found: C:\Documents and Settings\PC\Nabídka Start\Programy\xolox
Tue Jun 13 22:42:18 2006 => Object "xolox Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 13 22:42:54 2006 => File C:\WINDOWS\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
Tue Jun 13 22:53:10 2006 => File C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\Content.IE5\4J3B2KT1\pluginst[1].htm infected by "Trojan-Downloader.HTML.Agent.ad" Virus! Action Taken: No Action Taken.
Tue Jun 13 22:49:18 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\Spyware.sdb
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus.avi
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus004.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus005.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus006.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus007.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus008.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus009.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus010.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus011.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus012.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus013.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus014.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus015.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus016.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus017.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus018.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus019.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus020.avc
Tue Jun 13 23:04:54 2006 => ***** Checking for specific ITW Viruses *****
Tue Jun 13 23:04:54 2006 => Checking for Welchia Virus...
Tue Jun 13 23:04:54 2006 => Checking for LovGate Virus...
Tue Jun 13 23:04:54 2006 => Checking for CodeRed Virus...
Tue Jun 13 23:04:54 2006 => Checking for OpaServ Virus...
Tue Jun 13 23:04:54 2006 => Checking for Sobig.e Virus...
Tue Jun 13 23:04:54 2006 => Checking for Winupie Virus...
Tue Jun 13 23:04:54 2006 => Checking for Swen Virus...
Tue Jun 13 23:04:54 2006 => Checking for JS.Fortnight Virus...
Tue Jun 13 23:04:54 2006 => Checking for Novarg Virus...
Tue Jun 13 23:04:54 2006 => Checking for Pagabot Virus...
Tue Jun 13 23:04:54 2006 => Checking for Parite.b Virus...
Tue Jun 13 23:04:54 2006 => Checking for Parite.a Virus...
Tue Jun 13 23:04:54 2006 => Checking for Adware.SeekSeek Virus...
Tue Jun 13 23:04:54 2006 => ***** Scanning complete. *****
Tue Jun 13 23:04:54 2006 => Total Objects Scanned: 34262
Tue Jun 13 23:04:54 2006 => Total Critical Objects: 6
Tue Jun 13 23:04:54 2006 => Total Disinfected Objects: 0
Tue Jun 13 23:04:54 2006 => Total Objects Renamed: 0
Tue Jun 13 23:04:54 2006 => Total Deleted Objects: 0
Tue Jun 13 23:04:54 2006 => Total Errors: 13
Tue Jun 13 23:04:54 2006 => Time Elapsed: 00:23:33
Tue Jun 13 23:04:54 2006 => Virus Database Date: 5/12/2006
Tue Jun 13 23:04:54 2006 => Virus Database Count: 193177
Tue Jun 13 23:04:54 2006 => Scan Completed.
Tue Jun 13 22:42:11 2006 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Tue Jun 13 22:42:15 2006 => Offending Folder found: C:\Program Files\xolox
Tue Jun 13 22:42:15 2006 => Object "xolox Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 13 22:42:18 2006 => Offending Folder found: C:\Documents and Settings\PC\Nabídka Start\programy\xolox
Tue Jun 13 22:42:18 2006 => Object "xolox Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 13 22:42:18 2006 => Offending Folder found: C:\Documents and Settings\PC\Nabídka Start\Programy\xolox
Tue Jun 13 22:42:18 2006 => Object "xolox Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 13 22:42:54 2006 => File C:\WINDOWS\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
Tue Jun 13 22:53:10 2006 => File C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\Content.IE5\4J3B2KT1\pluginst[1].htm infected by "Trojan-Downloader.HTML.Agent.ad" Virus! Action Taken: No Action Taken.
Tue Jun 13 22:49:18 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\Spyware.sdb
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus.avi
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus004.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus005.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus006.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus007.avc
Tue Jun 13 22:49:21 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus008.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus009.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus010.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus011.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus012.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus013.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus014.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus015.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus016.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus017.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus018.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus019.avc
Tue Jun 13 22:49:22 2006 => Scanning File C:\DOCUME~1\PC\LOCALS~1\Temp\virus020.avc
Tue Jun 13 23:04:54 2006 => ***** Checking for specific ITW Viruses *****
Tue Jun 13 23:04:54 2006 => Checking for Welchia Virus...
Tue Jun 13 23:04:54 2006 => Checking for LovGate Virus...
Tue Jun 13 23:04:54 2006 => Checking for CodeRed Virus...
Tue Jun 13 23:04:54 2006 => Checking for OpaServ Virus...
Tue Jun 13 23:04:54 2006 => Checking for Sobig.e Virus...
Tue Jun 13 23:04:54 2006 => Checking for Winupie Virus...
Tue Jun 13 23:04:54 2006 => Checking for Swen Virus...
Tue Jun 13 23:04:54 2006 => Checking for JS.Fortnight Virus...
Tue Jun 13 23:04:54 2006 => Checking for Novarg Virus...
Tue Jun 13 23:04:54 2006 => Checking for Pagabot Virus...
Tue Jun 13 23:04:54 2006 => Checking for Parite.b Virus...
Tue Jun 13 23:04:54 2006 => Checking for Parite.a Virus...
Tue Jun 13 23:04:54 2006 => Checking for Adware.SeekSeek Virus...
Tue Jun 13 23:04:54 2006 => ***** Scanning complete. *****
Tue Jun 13 23:04:54 2006 => Total Objects Scanned: 34262
Tue Jun 13 23:04:54 2006 => Total Critical Objects: 6
Tue Jun 13 23:04:54 2006 => Total Disinfected Objects: 0
Tue Jun 13 23:04:54 2006 => Total Objects Renamed: 0
Tue Jun 13 23:04:54 2006 => Total Deleted Objects: 0
Tue Jun 13 23:04:54 2006 => Total Errors: 13
Tue Jun 13 23:04:54 2006 => Time Elapsed: 00:23:33
Tue Jun 13 23:04:54 2006 => Virus Database Date: 5/12/2006
Tue Jun 13 23:04:54 2006 => Virus Database Count: 193177
Tue Jun 13 23:04:54 2006 => Scan Completed.
Proč to neudělat jednoduše, když to jde složitě ....
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Tohle stačí. V tabulce výsledků máš 6 kritických objektů a ty tady máš, takže musíš zlikvidovat:
C:\Program Files\xolox - Nevím odkud ho máš, ale tento zlikviduj a zkus stáhnout tento - měl by být bez šmejdů.
C:\Documents and Settings\PC\Nabídka Start\programy\xolox
C:\WINDOWS\NDNuninstall6_98.exe
C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\Content.IE5\4J3B2KT1\pluginst[1].htm - složku Temporary Internet files vyprázdni celou!
C:\DOCUME~1\PC\LOCALS~1\Temp\Spyware.sdb - Složku Temp vyprázdni také celou!
Ten zbytek jsou soubory mwavu - to nejsou vlastní viry, ale jestli už se mwavem skončils, tak při vyprázdnění Tempu mohou taky do nenávratna.
Potom vysyp i koš. Projeď komp CCleanerem - odkaz a návod mám v podpisu.
C:\Program Files\xolox - Nevím odkud ho máš, ale tento zlikviduj a zkus stáhnout tento - měl by být bez šmejdů.
C:\Documents and Settings\PC\Nabídka Start\programy\xolox
C:\WINDOWS\NDNuninstall6_98.exe
C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\Content.IE5\4J3B2KT1\pluginst[1].htm - složku Temporary Internet files vyprázdni celou!
C:\DOCUME~1\PC\LOCALS~1\Temp\Spyware.sdb - Složku Temp vyprázdni také celou!
Ten zbytek jsou soubory mwavu - to nejsou vlastní viry, ale jestli už se mwavem skončils, tak při vyprázdnění Tempu mohou taky do nenávratna.
Potom vysyp i koš. Projeď komp CCleanerem - odkaz a návod mám v podpisu.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 16 hostů