Velmi prosim help

hawo · Napísal **hawo**: 07.12.2007 22:05

caute mam zavireny comp a neviem si s tym rady ani adware ani spybot nepomaha stale mi vyskakuju vseliake reklamne stranky na nejake spyware programi atd tu je log z hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 10:02:18 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\agxspwnr.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Program Files\RivaTuner v2.06\RivaTuner.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/sk/
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\vnwnmosk.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "D:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D316933-7461-417E-AA53-2A3954928055}: NameServer = 10.5.9.1,10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CBF2A84-F286-43C8-B627-A1C4E891FCE4}: NameServer = 10.5.9.1,10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D316933-7461-417E-AA53-2A3954928055}: NameServer = 10.5.9.1,10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D316933-7461-417E-AA53-2A3954928055}: NameServer = 10.5.9.1,10.0.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: E404Helper - {1a015275-500e-4c8f-b244-d6e494796af8} - e404d.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - D:\WINDOWS\system32\agxspwnr.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Horalka · Napísal **Horalka**: 08.12.2007 10:09

Ja som v tomto laik, zatiaľ ti poradím, že fixni
O21 - SSODL: E404Helper - {1a015275-500e-4c8f-b244-d6e494796af8} - e404d.dll (file missing)

D:\WINDOWS\system32\agxspwnr.exe - Tento proces som nenašiel cez Google.. Nepozdáva sa mi... Zatiaľ nič nerob dokým nepríde niekto iný (Roberbo)...

Tomas1 · Napísal **Tomas1**: 08.12.2007 19:12

Aky použivaš antivirus?

Prečo maš domovsku stranku http://www.daemonsearch.com/sk/
To si nastavil ty alebo ten vir/spyware?

Dalej toto poznaš?

O17 - HKLM\System\CCS\Services\Tcpip\..\{2D316933-7461-417E-AA53-2A3954928055}: NameServer = 10.5.9.1,10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CBF2A84-F286-43C8-B627-A1C4E891FCE4}: NameServer = 10.5.9.1,10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D316933-7461-417E-AA53-2A3954928055}: NameServer = 10.5.9.1,10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D316933-7461-417E-AA53-2A3954928055}: NameServer = 10.5.9.1,10.0.0.2

hawo · Napísal autor témy **hawo**: 08.12.2007 21:24

No tu stranku nastavil program sam to mi tak zas nevadi a je to len v IE ja pouzivam operu a to ostatne nepoznam mam to fixnut ? a pouzivam nod 32

Tomas1 · Napísal **Tomas1**: 08.12.2007 21:36

hawo píše:

No tu stranku nastavil program sam to mi tak zas nevadi a je to len v IE ja pouzivam operu a to ostatne nepoznam mam to fixnut ? a pouzivam nod 32

Zatial nefixuj nic...ked pustiš NOD32 na prechádzku tak najde niečo??

Otestuj na www.virustotal.com tieto subory:

D:\WINDOWS\system32\agxspwnr.exe
D:\WINDOWS\system32\CTsvcCDA.exe

A aky program ti nastavil tu domovsku stranku..? Len dufam že nie DAEMON4

Roberbo · Napísal **Roberbo**: 09.12.2007 1:14

Priznavam, ze moc nejdem do hlbky, lebo mam prave za sebou 540km z opacneho konca Slovenska a mi to uz akosik nemysli

,

Ak je to ozaj Malware, co sa javi ..skus najpr stiahnut http://siri.geekstogo.com/SmitfraudFix.exe

a pomocou F8 pri starte pc prejdi do nudzoveho rezimu a spusti tuto utilitu..
Na otazky zodpovedaj "Y" a potom posli novy log..(pozor na prehodene "Y" a "Z" klavesnice)

Novy log posli uz z aktualneho programu..ktory si najprv stiahni z http://www.trendsecure.com/portal/en-US ... ckthis.php

Velmi prosim help

Podobné témy