| | |
| Stránka: 1 z 1
| [ Príspevkov: 11 ] | |
Autor | Správa |
---|
Registrovaný: 21.07.07 Prihlásený: 16.05.10 Príspevky: 30 Témy: 10 |
asi mam nejaky spyware alebo co, lebo ked beham po nete v IE kliknem na nejaky odkaz a ono ma to hodi celkom na inu stranku, napr: , antivirus mi nic nenasiel ani antispyware...dost ma to stve tak prosim poradte co s tym robit, robi to len v IE...
|
|
Registrovaný: 07.04.07 Prihlásený: 24.02.21 Príspevky: 4438 Témy: 85 Bydlisko: Rožňava | Napísal Tomas1: 21.07.2007 17:36 | |
|
Skus preskenovať nejakym Antispywarom. Nemas naintalovane nejake toolbary?
Aky mas IE?
_________________ PC1: l CPU: AMD Phenom II X4 955BE C3 l MB: MSI 870A-G54 l RAM: 2x4GB A-DATA Gamers Series 1600 CL9 l VGA: SAPPHIRE R9 280X VAPOR-X l HDD: SAMSUNG F3 1TB l DVD-RW: LG H22N l PSU: CORSAIR VX450W l MONITOR: LG LCD W2284F-PF l OS: WINDOWS7 HOME PREMIUM l PC2: l CPU: AMD AthlonXP 2100+ 1733MHz (jadro Thoroughbred - B) socket A l MB: ASRock K7VT4A Pro l RAM: Apacer 1280MB 333MHz CL2.5 l VGA: ASUS Nvidia N7600GS SILENT l HDD: Seagate 120GB ATA l CD-RW/DVD: LG H12 l PSU: Trust 370W l MONITOR: LG FLATRON L1919S l OS: XP SP3 SK l NOTEBOOK: ASUS U36SG |
|
Registrovaný: 06.06.07 Prihlásený: 16.02.08 Príspevky: 131 Témy: 10 |
Máš tam vírus Wareout...
Návod na odstránenie:
Kód: http://www.viry.cz/forum/viewtopic.php?t=18759
Ked použiješ Fixwareout(z návodu)..hod mi log z >>HiJackThis<<
a posli mi log a docistime..
|
|
Registrovaný: 21.07.07 Prihlásený: 16.05.10 Príspevky: 30 Témy: 10 | Napísal autor témy Numberos: 21.07.2007 23:33 | |
|
hijackthis:
Kód: Logfile of HijackThis v1.99.1 Scan saved at 23:31:12, on 21.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\r_server.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Ovislink\Common\TurboG-UI.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
fixwareout: Kód: Username "PC" - 2007-07-21 23:25:54 [Fixwareout edited 2007/07/05]
»»»»»Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdefi.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.116.109 85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{17662A36-B50F-4887-924A-21A304AA3022} "nameserver"="85.255.116.109,85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3342DBB0-B668-4D39-8290-53B5552D899C} "nameserver"="85.255.116.109,85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4BC27D23-F192-4022-A863-32E3CD1EAF12} "nameserver"="85.255.116.109,85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CB516481-C86B-4178-AF00-7DF53CD69E47} "nameserver"="85.255.116.109,85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{17662A36-B50F-4887-924A-21A304AA3022} "DhcpNameServer"="85.255.116.109,85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{730A2DA4-15C3-437F-A716-D83A4CC7893D} "DhcpNameServer"="85.255.116.109,85.255.112.103" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CB516481-C86B-4178-AF00-7DF53CD69E47} "DhcpNameServer"="85.255.116.109,85.255.112.103" <Value cleared.
Vyrovnávacia pamäť prekladania DNS sa úspešne vyprázdnila.
System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... »»»»» Other C:\WINDOWS\Temp\kdefi.ren 65094 04.08.2004
»»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" "SkyTel"="SkyTel.EXE" "Alcmtr"="ALCMTR.EXE" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\"" "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»
|
|
Registrovaný: 28.01.07 Prihlásený: 02.12.07 Príspevky: 1703 Témy: 25 | Napísal Rbot: 22.07.2007 9:59 | |
|
Nenašiel som nič podozrivé.
+ Doinštaluj firewall.
|
|
Registrovaný: 06.06.07 Prihlásený: 16.02.08 Príspevky: 131 Témy: 10 |
Ani ja ... odporúčam ti firewall (Comodo alebo Kerio)...
...arobi ti to ešte?
|
|
Registrovaný: 28.01.07 Prihlásený: 02.12.07 Príspevky: 1703 Témy: 25 | |
Registrovaný: 21.07.07 Prihlásený: 16.05.10 Príspevky: 30 Témy: 10 | Napísal autor témy Numberos: 22.07.2007 20:19 | |
|
dik zatial sa to nezopakovalo, keby nahodou ta stranka zase vybehla dam vediet, este 2 otazky:
1.je dobre ak mam spyware terminator, nod32 a toho keira?
2.nezvysuje firewall ping?
|
|
Registrovaný: 22.06.07 Prihlásený: 26.08.09 Príspevky: 225 Témy: 11 | Napísal JohnyN: 22.07.2007 20:22 | |
|
Numberos píše: 1.je dobre ak mam spyware terminator, nod32 a toho keira?
2.nezvysuje firewall ping?
NOD32 a Kerio sa znasaju.. co sa tyka pingu, myslim, ze ho firewall nezvysuje, len mozno bude treba v nastaveniach vypnut blokovanie pingu, na niektorych pc som uz videl, ze si to kerio sam po instalacke zapol.
A este si vypni filtrovanie prenosu dat z netu, lebo ti to inak znacne spomali rychlost netu.
|
|
Registrovaný: 28.01.07 Prihlásený: 02.12.07 Príspevky: 1703 Témy: 25 | Napísal Rbot: 22.07.2007 20:39 | |
|
Numberos píše: dik zatial sa to nezopakovalo, keby nahodou ta stranka zase vybehla dam vediet
1.je dobre ak mam spyware terminator, nod32 a toho keira?
Áno, je to dobré. Máš jeden antivírus (zahŕňa aj detekciu spyware/adware/riskware), jeden firewall a jeden antispyware štít. Prípadne môžeš doplniť PC o nejaký nerezidentný antivírus (BitDefender) / antispyware (Super Antispyware), prípadne utilitu CureIT a podobne.
|
|
Registrovaný: 10.10.06 Prihlásený: 27.04.24 Príspevky: 4990 Témy: 171 Bydlisko: Trnava |
Numberos píše: nezvysuje firewall ping?
Ak mas na mysli ping v hrach, tak ho spomaluje o par percent rovnako ako rychlost netu, t.j. nacitavanie stranok, atd v zavislosti na vykone PC, ale je to len o par milisekund, resp sekund, ale na druhu stranu poskytuje ovela bezpecnost ako keby si bol bez firewallu a to za tych par percent stoji, rovnako ako pouzivanie AV a pod, ktore taktiez beru par percent vykonu PC, co je ale pozorovatelne hlavne u pomalsich PC, u novych ani nie.
_________________ CASE Lian Li PC-7NB with 3x Noctua NF-S12A FLX | PSU Seasonic M12II-520 80 Plus Bronze | MB MSI B450 TOMAHAWK | CPU AMD Ryzen 5 3600 with Noctua NH-U12S | RAM 4x8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16 | GPU MSI Radeon RX 580 ARMOR 8G OC | DISK ADATA XPG GAMMIX S11 Pro SSD 512GB MOUSE Logitech M330 Silent Plus | KEYBOARD HP Wired Desktop 320K Keyboard | SOUNDCARD Creative Sound Blaster Z | HEADPHONES Sennheiser RS170 | MONITOR 24" AOC G2460VQ6 1920×1080@75Hz with FreeSync | INTERNET 400/40 Mbps | OS Home 11 & MS 365 Basic | EXTRA ImDisk Toolkit (Desktop/Caches) |
|
| Stránka: 1 z 1
| [ Príspevkov: 11 ] | |
| Nemôžete zakladať nové témy v tomto fóre Nemôžete odpovedať na témy v tomto fóre Nemôžete upravovať svoje príspevky v tomto fóre Nemôžete mazať svoje príspevky v tomto fóre
|
|