Obsah fóra » Software » Antivíry, bezpečnosť a sieť » Antivíry a antispywary » Avira...





 Stránka: 1 z 2
 [ Príspevkov: 47 ] 1, 2
AutorSpráva
Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
NapísalOffline booom: 21.12.2009 20:33 | Avira...

Zdravím, dnes som odstránil zo systému Avast! 4.8 Home Edition a nahradil som ho Avirou. Pri spustení sprácu úloh systému mi ukazuje 50%-né vyťaženie CPUčka a teplota mi stúpla až na 48°C. A to mám len zapnutý komp a nič spustené nie je ??????
Predtým s Avastom som mal len pár % pri CPU a teplotu okolo35°C.
PC som preskenoval po upgradnutí Aviry, nič mi nenašlo.
Čím to môže byť, že mi narástlo zaťaženie CPU a stúpla teplota.
Vďaka za každý postreh a radu :)


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 21.12.2009 20:43 | Avira...

Milion dovodov, od SW nezhod medzi jednotlivymi programami, cez docasne zvysenie zataze kvoli updatom atd. az po to, ze ti ten AV proste nesadol - stava sa ;)


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 21.12.2009 21:02 | Avira...

Ja som vymenil len Antivirak a to bolo všetko. PC je v idle, nemám nič spustené a takéto teploty a zaťaženie sa mi nezdá. Asi to bude tak, že Avira nesadla môjmu PC asi si zvykol na Avast :D


Offline brmbo

Čestný člen
Čestný člen
Avira...

Registrovaný: 08.01.09
Príspevky: 27825
Témy: 149 | 149
Bydlisko: Sládkovičovo
NapísalOffline brmbo: 21.12.2009 21:08 | Avira...

skus precistit registre - ccleaner + free registry cleaner a skus potom na novo


_________________
book: HP Probook 470 G0, cpu: i5-3230M, gpu: intel HD 4000 + amd HD 8750m, ram: 8GB ddr3, ssd samsung 850 evo 250GB + ssd crucial m4 128GB, os: Win 10 Pro 64bit
Fén: Samsung Galaxy S8 black 64GB
Car: Ford S-Max 1.8 TDCi @ 160 PS
poradenstvo cez SS neposkytujem, lebo uz ma ubijate s tolkymi SS, nechajte to na forum, dakujem za pochopenie
Offline shiro

Užívateľ
Užívateľ
Avira...

Registrovaný: 12.10.06
Prihlásený: 15.11.24
Príspevky: 20519
Témy: 79 | 79
Bydlisko: Banska Byst...
NapísalOffline shiro: 21.12.2009 23:45 | Avira...

mna by zaujimalo ze skade dosiel na to ze ten CPU zerie prave avira. Sak naco sa pozret do spravcu uloh, ze?


_________________
Ryzen 7 3700X | SilentiumPC Fera 3 | Asrock X570M Pro4 | Patriot Viper 4 Blackout 16GB DDR4-3600 CL17 | Gainward RTX4060 Ti Pegasus 8GB | Samsung 970evo Plus 250GB NVMe | Corsair MP510 1TB NVMe | Samsung 980 Pro 2TB NVMe | Corsair RM550x | 32" Samsung ViewFinity S60UA | 3x Noctua NF-S12B redux 1200 PWM
Xiaomi Mi 9 Lite 64GB
Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 22.12.2009 16:09 | Avira...

Som pozeral práve v Správcovi, že mám tak vyťažený CPU a teplotu v Speedfane. A mám spustené 2 aplikácie: Aviru, Speedfan. Procesy sú toľko ako zvyčajne plus mínus. Ale ako píšem po nainštalovaní Aviry išli tieto hodnoty hore (zaťaženie a teplota). Z Avastom som to nemal...


Offline br4n0

Skúsený užívateľ
Skúsený užívateľ
Avira...

Registrovaný: 22.03.07
Prihlásený: 23.06.23
Príspevky: 2096
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline br4n0: 22.12.2009 16:21 | Avira...

To už vieme. Ak ti zaťažuje procesor, máš sa v správcovi pozrieť, KTORÝ KONKRÉTNY proces ho zaťažuje. Ak je to jeden z procesov aviry, zistiť, či práve neprebieha update alebo naplánovaný sken.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 22.12.2009 17:10 | Avira...

Ako zistím, ktorý konkrétny proces mi zaťažuje CPU??? Nebude to tým, že je aktivovaný AntiVir Guard, teda že Avira stále kontroluje či mi komp nenapadne nejaký vir alebo čo. ???


Offline br4n0

Skúsený užívateľ
Skúsený užívateľ
Avira...

Registrovaný: 22.03.07
Prihlásený: 23.06.23
Príspevky: 2096
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline br4n0: 22.12.2009 17:28 | Avira...

Guard je štandardná rezidentná ochrana. Bez nej sa žiadny AV nezaobíde. Konkrétny proces zistíš v správcovi úloh na záložke procesy v stĺpci CPU pri každom procese.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 22.12.2009 18:48 | Avira...

Našiel som to a je: Procesy systémovej nečinnosti - SYSTEM - 49 až 51% - 28 Kb použivanej pamäte.
Čo z toho pre mňa vyplýva????
Mám to odstrániť alebo je pes niekde inde zakopaný??? :)


Offline McDog

Užívateľ
Užívateľ
Avira...

Registrovaný: 06.07.08
Prihlásený: 13.01.24
Príspevky: 2369
Témy: 134 | 134
NapísalOffline McDog: 22.12.2009 19:24 | Avira...

Citaj..Procesy systemovej necinnosti..co je necinost?
Stavim sa ze mas zle odstranny Avast:)


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 22.12.2009 19:42 | Avira...

Avast som odstraňoval cez Pridanie alebo odstánenie programov a tú zložku, ktorá ostala v Prog. Files som vymazal, reštartol komp a tak začal inštalovať Aviru a zase reštart.
Procesy systémovej nečinnosti, to neviem čo je, nikdy som si to v správcovi úloh nevšimol a neviem čo to má byť. Mám tento proces ukončiť??? Nič tým nepokazím??? Lebo len pri tomto mám 50% vyťaženie CPU...


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 22.12.2009 21:43 | Avira...

Procesy systemovej necinnosti u mna dosaduju 99%. Ako je to mozne a preco je to tak? Nuz preto, ze ako uz hore uviedol kolega, tak ide o NECINNOST. Pod tymto procesom sa ti zobrazi percentualne vyjadrenie necinnosti ;)

Ktory dalsi proces zere najviac?


Offline citizen

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 27.05.09
Prihlásený: 19.09.21
Príspevky: 374
Témy: 27 | 27
NapísalOffline citizen: 23.12.2009 10:37 | Avira...

shiro píše:
mna by zaujimalo ze skade dosiel na to ze ten CPU zerie prave avira. Sak naco sa pozret do spravcu uloh, ze?

sakra ake chytre rady tu davas.nehraj machra chalan sa pyta tak co prudis.si myslis ze mas viacej modrych kociek tak co


Offline McDog

Užívateľ
Užívateľ
Avira...

Registrovaný: 06.07.08
Prihlásený: 13.01.24
Príspevky: 2369
Témy: 134 | 134
NapísalOffline McDog: 23.12.2009 11:16 | Avira...

Ok mrkni do spravcu uloh ci tam nemas niekde proces Avast alebi iny AV....popripade nemas iny bezpecnostne riesenie?postni log z HiJack This-http://www.pcforum.sk/cistime-napadnuty-pocitac-vt54491.html


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 23.12.2009 16:10 | Avira...

Ja pouzžívam momentálne Aviru, doteraz to bol Avast! 4.8 Home Edit., Spyboot-S a D, Ad-Aware. Další proces, ktorý zaťažuje CPU je: svchost.exe 48-50%

Tu je môj log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:39, on 23.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM17.tmp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 8159 bytes


Offline McDog

Užívateľ
Užívateľ
Avira...

Registrovaný: 06.07.08
Prihlásený: 13.01.24
Príspevky: 2369
Témy: 134 | 134
NapísalOffline McDog: 23.12.2009 16:25 | Avira...

No ja tam vidim stale spusteny As-Aware a spyboot....tie by som dal doprec....hm?


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 23.12.2009 22:41 | Avira...

A ja tam vidim haved a aj toho smejda, ktory sa ti naviazal na ServiceHost a taha ti CPU do vysok.

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!


Offline McDog

Užívateľ
Užívateľ
Avira...

Registrovaný: 06.07.08
Prihlásený: 13.01.24
Príspevky: 2369
Témy: 134 | 134
NapísalOffline McDog: 23.12.2009 22:48 | Avira...

vidis aka krasna spolupraca?A co keby si napisal co a kde je a ako je?Nech viem aj ja?


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 24.12.2009 13:48 | Avira...

Mne ten combofix išiel asi hodinu a trištvrť, ja som dal len demo lebo odo mňa pýtalo licenčný kľúč. Mne vytvorilo akýsi aaw7boot.txt.

================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-19 14:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-19 21:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-20 09:34


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-20 10:15


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 13:38


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 13:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 15:08


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 15:19


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 15:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-21 19:11


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-22 14:42


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-23 14:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-23 19:51


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-24 10:14


??????????


Offline Jeffo

Užívateľ
Užívateľ
Avira...

Registrovaný: 14.11.08
Prihlásený: 02.07.20
Príspevky: 8758
Témy: 197 | 197
Bydlisko: Moldava nad...
NapísalOffline Jeffo: 24.12.2009 20:11 | Avira...

Ako sa vypínajú tie vyskakovacie reklami v avire?pls poradte,dik


_________________
NoteBook: Toshiba Satellite c855-212
Car:Škoda Superb 2 Combi Phone: Xiaomi Redmi 5
Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 24.12.2009 20:36 | Avira...

Toto urcite nie je log z ComboFixu. Pokial chces pomoct od toho bordelu, hore mas navod. Ak nie, je mi luto.

@Jeffo696: Zakupenim full verzie :)
Ber to ako malu dan za free pouzivanie v podstate spickoveho AV.


Offline Jeffo

Užívateľ
Užívateľ
Avira...

Registrovaný: 14.11.08
Prihlásený: 02.07.20
Príspevky: 8758
Témy: 197 | 197
Bydlisko: Moldava nad...
NapísalOffline Jeffo: 24.12.2009 21:47 | Avira...

Nie nie,dá sa to vypnúť niekde cez log,niekde to tu už bolo,ale neviem to nájsť


_________________
NoteBook: Toshiba Satellite c855-212
Car:Škoda Superb 2 Combi Phone: Xiaomi Redmi 5
Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 25.12.2009 10:14 | Avira...

Log je tu. Som to robil narýchlo a bola to blbosť. Combofix log:

ComboFix 09-12-23.02 - Biker 25.12.2009 9:55.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1596 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Biker\Application Data\avdrn.dat
c:\documents and settings\Biker\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\Data
c:\windows\system32\vidx16.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-24 10:34 . 2009-12-24 10:34 -------- d-----w- c:\program files\R-Studio
2009-12-24 10:20 . 2006-12-19 15:53 24072 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-24 10:20 . 2009-12-24 10:21 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-12-23 15:03 . 2009-12-23 15:03 -------- d-----w- c:\program files\Trend Micro
2009-12-21 15:31 . 2009-12-22 15:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-21 15:31 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 15:31 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 15:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\program files\Avira
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-21 13:58 . 2009-12-21 13:58 61440 ----a-r- c:\documents and settings\Biker\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
2009-12-21 13:39 . 2009-12-25 09:08 704512 ----a-w- c:\windows\system32\drivers\iwuxav.sys
2009-12-20 13:56 . 2009-12-20 13:56 -------- d-----w- c:\documents and settings\Biker\Application Data\dvdcss
2009-12-20 12:36 . 2009-12-20 12:39 -------- d-----w- c:\program files\Doom 3
2009-12-20 11:19 . 2009-12-20 12:16 967 ----a-w- c:\windows\ScUnin.pif
2009-12-20 11:19 . 2009-12-20 12:16 94208 ----a-w- c:\windows\ScUnin.exe
2009-12-20 11:19 . 2009-12-20 12:16 35382 ----a-w- c:\windows\scunin.dat
2009-12-20 11:16 . 2009-12-20 12:16 -------- d-----w- c:\program files\Starcraft
2009-12-19 13:41 . 2009-10-29 10:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-17 16:10 . 2009-12-17 16:10 -------- d-----w- C:\DriveKey
2009-12-15 18:52 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-12-15 18:52 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-12-15 18:52 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-12-15 18:52 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-12-15 18:52 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-12-15 18:52 . 2009-12-15 18:52 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-12-15 18:52 . 2009-12-15 18:52 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-12-15 18:49 . 2009-12-15 18:57 -------- d-----w- C:\Truckrace
2009-12-15 18:48 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2009-12-15 18:48 . 2009-12-15 18:48 -------- d-----w- c:\documents and settings\Biker\WINDOWS
2009-12-12 22:07 . 2009-12-12 22:07 -------- d--h--w- c:\windows\PIF
2009-12-11 09:58 . 2009-12-11 09:58 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 16:48 . 2009-12-24 10:23 -------- d-----w- c:\program files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 23:30 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\Biker\Application Data\Skype
2009-12-24 23:09 . 2009-10-29 10:14 -------- d-----w- c:\documents and settings\Biker\Application Data\skypePM
2009-12-24 10:49 . 2009-10-29 10:06 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-24 10:49 . 2009-10-29 10:06 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-24 10:49 . 2009-10-29 10:06 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-24 10:49 . 2009-10-29 10:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-24 10:49 . 2009-10-29 10:06 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-24 10:49 . 2009-10-29 10:06 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-24 10:48 . 2009-10-29 10:06 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-24 10:48 . 2009-10-29 10:06 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-24 10:48 . 2009-10-29 10:06 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-24 10:48 . 2009-10-29 10:06 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-24 10:48 . 2009-10-29 10:06 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-24 10:48 . 2009-10-29 10:06 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-24 10:48 . 2009-10-29 10:06 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-24 10:20 . 2009-10-28 09:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 17:17 . 2009-10-28 09:50 -------- d-----w- c:\program files\Opera
2009-12-21 13:39 . 2009-12-21 13:39 16 ----a-w- c:\documents and settings\Biker\Application Data\fvgqad.dat
2009-12-20 14:02 . 2009-11-24 10:17 -------- d-----w- c:\documents and settings\Biker\Application Data\vlc
2009-12-19 22:59 . 2009-10-31 23:20 -------- d-----w- c:\program files\HappyFoto
2009-12-19 08:36 . 2009-10-29 09:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 08:35 . 2009-10-29 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-17 16:10 . 2009-10-28 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 15:28 . 2009-12-12 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----r- c:\program files\Skype
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-09 08:13 . 2009-10-28 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 16:23 . 2009-10-31 18:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-12-03 17:30 . 2009-10-28 09:27 521376 ----a-w- c:\documents and settings\Biker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 16:50 . 2009-10-28 10:27 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-12-03 16:38 . 2009-10-29 10:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-03 16:38 . 2009-10-31 15:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-26 10:48 . 2009-10-29 10:06 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-26 10:48 . 2009-10-29 10:06 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-26 10:48 . 2009-10-29 10:06 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-26 10:48 . 2009-10-29 10:06 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-24 10:17 . 2009-11-24 10:17 -------- d-----w- c:\program files\VideoLAN
2009-11-24 09:56 . 2009-11-24 09:56 -------- d-----w- c:\program files\MSECache
2009-11-22 12:02 . 2009-11-22 12:00 -------- d-----w- c:\program files\Software Informer
2009-11-22 11:07 . 2009-11-01 10:45 -------- d-----w- c:\documents and settings\Biker\Application Data\PC Suite
2009-11-12 09:23 . 2009-10-28 09:07 -------- d-----w- c:\program files\Creative
2009-11-12 09:22 . 2009-11-12 09:22 -------- d-----w- c:\program files\Common Files\Creative
2009-11-12 09:22 . 2009-10-28 10:08 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-11 20:27 . 2009-11-11 20:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-11-06 16:16 . 2009-11-06 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-06 16:15 . 2009-11-01 10:42 -------- d-----w- c:\program files\MSBuild
2009-11-05 17:59 . 2009-11-05 17:59 -------- d-----w- c:\documents and settings\Biker\Application Data\CyberLink
2009-11-05 17:58 . 2009-11-05 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-05 17:57 . 2009-11-05 17:57 -------- d-----w- c:\program files\CyberLink
2009-11-02 18:56 . 2009-11-02 18:56 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-11-02 16:09 . 2009-10-28 08:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-01 12:16 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-01 12:15 . 2009-11-01 10:45 -------- d-----w- c:\program files\Nokia
2009-11-01 12:15 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-01 11:41 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\Biker\Application Data\Nokia
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-01 11:36 . 2009-11-01 10:45 -------- d-----w- c:\program files\DIFX
2009-11-01 11:36 . 2009-11-01 11:36 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-01 11:36 . 2009-11-01 11:36 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-01 11:36 . 2009-11-01 11:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-01 11:35 . 2009-11-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-01 11:34 . 2009-11-01 11:36 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-01 11:03 . 2009-11-01 11:01 -------- d-----w- c:\documents and settings\Biker\Application Data\NSeries
2009-11-01 11:02 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-11-01 11:00 . 2009-11-01 11:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-01 10:40 . 2009-11-01 10:40 -------- d-----w- c:\program files\Reference Assemblies
2009-10-31 23:20 . 2009-10-31 23:20 -------- d-----w- c:\documents and settings\Biker\Application Data\Happy Foto
2009-10-31 18:29 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 18:28 . 2009-10-31 18:28 -------- d-----w- c:\program files\Futuremark
2009-10-31 18:19 . 2009-10-31 15:47 -------- d-----w- c:\program files\Uniblue
2009-10-31 18:06 . 2009-10-28 09:11 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-31 17:51 . 2009-10-31 17:51 -------- d-----w- c:\program files\oZone3D
2009-10-31 16:50 . 2009-10-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-10-31 16:48 . 2009-10-31 16:48 -------- d-----w- c:\program files\OpenAL
2009-10-31 16:48 . 2009-10-31 16:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 16:36 . 2009-10-31 16:36 -------- d-----w- c:\program files\Codemasters
2009-10-31 15:53 . 2009-10-31 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-31 15:52 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\Biker\Application Data\Uniblue
2009-10-30 18:28 . 2009-10-29 10:11 -------- d-----w- c:\documents and settings\Biker\Application Data\ICQ
2009-10-30 09:39 . 2009-10-29 10:10 -------- d-----w- c:\program files\ICQ6.5
2009-10-29 20:26 . 2009-10-29 20:26 -------- d-----w- c:\documents and settings\Biker\Application Data\Apple Computer
2009-10-29 11:12 . 2009-10-29 11:09 54743966 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource Player_Organizer 3.30.21__\CMS_PCAPP_LB_3_30_21.exe
2009-10-29 11:09 . 2009-10-29 11:07 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-10-29 11:02 . 2009-10-29 11:01 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 10:48 . 2009-10-29 10:06 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 10:48 . 2009-10-29 10:48 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 10:48 . 2009-10-29 10:48 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 10:48 . 2009-10-29 10:48 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 10:48 . 2009-10-29 10:48 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 10:34 . 2009-10-28 08:40 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-29 10:34 . 2009-10-28 08:40 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-29 10:17 . 2009-10-29 10:17 -------- d-----w- c:\program files\MSXML 4.0
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-24 788880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-30 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.10.2009 10:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.12.2009 16:31 108289]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.10.2009 11:11 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 10:35 717296]
S3 cpuz130;cpuz130;\??\c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]

--- Other Services/Drivers In Memory ---

*Deregistered* - iwuxav

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} - c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iwuxav]

.
Completion time: 2009-12-25 10:09:13
ComboFix-quarantined-files.txt 2009-12-25 09:09

Pre-Run: 90 800 398 336 bytes free
Post-Run: 12 adresárov, 90 875 883 520 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 553F7A541EDCF93E8D843D021C169CDD


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 25.12.2009 10:57 | Avira...

Po tejto očiste mi nezaťažuje CPU-čko na 50% ten proces. Zmizol po combofixe!!! :D Paráda aj teplota CPU mi z 48-50°C klesla na 35-38°C. Terazky mám CPU vyťažený cca na 3% ako predtým.
Vtedy mi aj hry sekali, teraz je to lajtka.

Dakujem "pitimir" za pomoc.

P.S. čo si vyčítal z toho fogu??? Ak začínal ComboFix, tak mi tam vyhodilo 2 tabuľky, niečo ohľadom Aviry... Postupoval som podľa toho čo tam bolo napísané.
???


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 25.12.2009 11:28 | Avira...

1) Co bola blbost?

A treba citat navody poriadne, CF mal byt na ploche.


2) Zostal ti tam este rootkit:

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód:
KillAll::
Rootkit::
c:\windows\system32\drivers\iwuxav.sys

Driver::
iwuxav
ICQ Service

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iwuxav]

Folder::
c:\program files\ICQ6Toolbar

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Avira...

Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 25.12.2009 19:28 | Avira...

Tak hádam do tretice všetko dobré...

ComboFix 09-12-23.02 - Biker 25.12.2009 19:15:45.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1698 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\Biker\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_IWUXAV
-------\Service_ICQ Service
-------\Service_iwuxav


((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-24 10:34 . 2009-12-24 10:34 -------- d-----w- c:\program files\R-Studio
2009-12-24 10:20 . 2006-12-19 15:53 24072 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-24 10:20 . 2009-12-24 10:21 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-12-23 15:03 . 2009-12-23 15:03 -------- d-----w- c:\program files\Trend Micro
2009-12-21 15:31 . 2009-12-22 15:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-21 15:31 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 15:31 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 15:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\program files\Avira
2009-12-21 15:31 . 2009-12-21 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-21 13:58 . 2009-12-21 13:58 61440 ----a-r- c:\documents and settings\Biker\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
2009-12-20 13:56 . 2009-12-20 13:56 -------- d-----w- c:\documents and settings\Biker\Application Data\dvdcss
2009-12-20 12:36 . 2009-12-20 12:39 -------- d-----w- c:\program files\Doom 3
2009-12-20 11:19 . 2009-12-20 12:16 967 ----a-w- c:\windows\ScUnin.pif
2009-12-20 11:19 . 2009-12-20 12:16 94208 ----a-w- c:\windows\ScUnin.exe
2009-12-20 11:19 . 2009-12-20 12:16 35382 ----a-w- c:\windows\scunin.dat
2009-12-20 11:16 . 2009-12-20 12:16 -------- d-----w- c:\program files\Starcraft
2009-12-19 13:41 . 2009-10-29 10:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-17 16:10 . 2009-12-17 16:10 -------- d-----w- C:\DriveKey
2009-12-15 18:52 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-12-15 18:52 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-12-15 18:52 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-12-15 18:52 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-12-15 18:52 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-12-15 18:52 . 2009-12-15 18:52 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-12-15 18:52 . 2009-12-15 18:52 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-12-15 18:49 . 2009-12-15 18:57 -------- d-----w- C:\Truckrace
2009-12-15 18:48 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2009-12-15 18:48 . 2009-12-15 18:48 -------- d-----w- c:\documents and settings\Biker\WINDOWS
2009-12-12 22:07 . 2009-12-12 22:07 -------- d--h--w- c:\windows\PIF
2009-12-11 09:58 . 2009-12-11 09:58 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 16:48 . 2009-12-25 16:44 -------- d-----w- c:\program files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 13:47 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\Biker\Application Data\Skype
2009-12-25 11:11 . 2009-10-29 10:14 -------- d-----w- c:\documents and settings\Biker\Application Data\skypePM
2009-12-24 10:49 . 2009-10-29 10:06 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-24 10:49 . 2009-10-29 10:06 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-24 10:49 . 2009-10-29 10:06 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-24 10:49 . 2009-10-29 10:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-24 10:49 . 2009-10-29 10:06 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-24 10:49 . 2009-10-29 10:06 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-24 10:48 . 2009-10-29 10:06 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-24 10:48 . 2009-10-29 10:06 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-24 10:48 . 2009-10-29 10:06 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-24 10:48 . 2009-10-29 10:06 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-24 10:48 . 2009-10-29 10:06 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-24 10:48 . 2009-10-29 10:06 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-24 10:48 . 2009-10-29 10:06 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-24 10:20 . 2009-10-28 09:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 17:17 . 2009-10-28 09:50 -------- d-----w- c:\program files\Opera
2009-12-21 13:39 . 2009-12-21 13:39 16 ----a-w- c:\documents and settings\Biker\Application Data\fvgqad.dat
2009-12-20 14:02 . 2009-11-24 10:17 -------- d-----w- c:\documents and settings\Biker\Application Data\vlc
2009-12-19 22:59 . 2009-10-31 23:20 -------- d-----w- c:\program files\HappyFoto
2009-12-19 08:36 . 2009-10-29 09:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 08:35 . 2009-10-29 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-17 16:10 . 2009-10-28 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 15:28 . 2009-12-12 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----r- c:\program files\Skype
2009-12-11 09:58 . 2009-10-29 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-09 08:13 . 2009-10-28 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 16:23 . 2009-10-31 18:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-12-03 17:30 . 2009-10-28 09:27 521376 ----a-w- c:\documents and settings\Biker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 16:50 . 2009-10-28 10:27 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-12-03 16:38 . 2009-10-29 10:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-03 16:38 . 2009-10-31 15:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-26 10:48 . 2009-10-29 10:06 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-26 10:48 . 2009-10-29 10:06 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-26 10:48 . 2009-10-29 10:06 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-26 10:48 . 2009-10-29 10:06 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-24 10:17 . 2009-11-24 10:17 -------- d-----w- c:\program files\VideoLAN
2009-11-24 09:56 . 2009-11-24 09:56 -------- d-----w- c:\program files\MSECache
2009-11-22 12:02 . 2009-11-22 12:00 -------- d-----w- c:\program files\Software Informer
2009-11-22 11:07 . 2009-11-01 10:45 -------- d-----w- c:\documents and settings\Biker\Application Data\PC Suite
2009-11-12 09:23 . 2009-10-28 09:07 -------- d-----w- c:\program files\Creative
2009-11-12 09:22 . 2009-11-12 09:22 -------- d-----w- c:\program files\Common Files\Creative
2009-11-12 09:22 . 2009-10-28 10:08 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-11 20:27 . 2009-11-11 20:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-11-06 16:16 . 2009-11-06 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-06 16:15 . 2009-11-01 10:42 -------- d-----w- c:\program files\MSBuild
2009-11-05 17:59 . 2009-11-05 17:59 -------- d-----w- c:\documents and settings\Biker\Application Data\CyberLink
2009-11-05 17:58 . 2009-11-05 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-05 17:57 . 2009-11-05 17:57 -------- d-----w- c:\program files\CyberLink
2009-11-02 18:56 . 2009-11-02 18:56 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-11-02 16:09 . 2009-10-28 08:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-01 12:16 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-01 12:15 . 2009-11-01 10:45 -------- d-----w- c:\program files\Nokia
2009-11-01 12:15 . 2009-11-01 11:23 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-01 11:41 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\Biker\Application Data\Nokia
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-01 11:41 . 2009-11-01 11:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-01 11:40 . 2009-11-01 11:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-01 11:36 . 2009-11-01 10:45 -------- d-----w- c:\program files\DIFX
2009-11-01 11:36 . 2009-11-01 11:36 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-01 11:36 . 2009-11-01 11:36 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-01 11:36 . 2009-11-01 11:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-01 11:36 . 2009-11-01 11:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-01 11:35 . 2009-11-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-01 11:34 . 2009-11-01 11:36 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-01 11:03 . 2009-11-01 11:01 -------- d-----w- c:\documents and settings\Biker\Application Data\NSeries
2009-11-01 11:02 . 2009-11-01 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-11-01 11:00 . 2009-11-01 11:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-01 10:40 . 2009-11-01 10:40 -------- d-----w- c:\program files\Reference Assemblies
2009-10-31 23:20 . 2009-10-31 23:20 -------- d-----w- c:\documents and settings\Biker\Application Data\Happy Foto
2009-10-31 18:29 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 18:28 . 2009-10-31 18:28 -------- d-----w- c:\program files\Futuremark
2009-10-31 18:19 . 2009-10-31 15:47 -------- d-----w- c:\program files\Uniblue
2009-10-31 18:06 . 2009-10-28 09:11 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-31 17:51 . 2009-10-31 17:51 -------- d-----w- c:\program files\oZone3D
2009-10-31 16:50 . 2009-10-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-10-31 16:48 . 2009-10-31 16:48 -------- d-----w- c:\program files\OpenAL
2009-10-31 16:48 . 2009-10-31 16:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 16:36 . 2009-10-31 16:36 -------- d-----w- c:\program files\Codemasters
2009-10-31 15:53 . 2009-10-31 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-31 15:52 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\Biker\Application Data\Uniblue
2009-10-30 18:28 . 2009-10-29 10:11 -------- d-----w- c:\documents and settings\Biker\Application Data\ICQ
2009-10-30 09:39 . 2009-10-29 10:10 -------- d-----w- c:\program files\ICQ6.5
2009-10-29 20:26 . 2009-10-29 20:26 -------- d-----w- c:\documents and settings\Biker\Application Data\Apple Computer
2009-10-29 11:12 . 2009-10-29 11:09 54743966 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource Player_Organizer 3.30.21__\CMS_PCAPP_LB_3_30_21.exe
2009-10-29 11:09 . 2009-10-29 11:07 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-10-29 11:02 . 2009-10-29 11:01 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 10:48 . 2009-10-29 10:48 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 10:48 . 2009-10-29 10:06 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 10:48 . 2009-10-29 10:48 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 10:48 . 2009-10-29 10:48 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 10:48 . 2009-10-29 10:48 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 10:48 . 2009-10-29 10:48 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 10:34 . 2009-10-28 08:40 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-29 10:34 . 2009-10-28 08:40 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-29 10:17 . 2009-10-29 10:17 -------- d-----w- c:\program files\MSXML 4.0
.

((((((((((((((((((((((((((((( SnapShot@2009-12-25_09.08.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-27 12:00 . 2009-12-25 08:56 67312 c:\windows\system32\perfc009.dat
+ 2007-07-27 12:00 . 2009-12-25 18:18 67312 c:\windows\system32\perfc009.dat
+ 2007-07-27 12:00 . 2009-12-25 18:18 432356 c:\windows\system32\perfh009.dat
- 2007-07-27 12:00 . 2009-12-25 08:56 432356 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-24 788880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-30 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.10.2009 10:42 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 10:35 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.12.2009 16:31 108289]
S3 cpuz130;cpuz130;\??\c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Biker\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 19:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsh.sys >>UNKNOWN [0x8A3FE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9ce8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9bdebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9bcda0d
SendHandler -> NDIS.sys @ 0xb9be1b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-25 19:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-25 18:23
ComboFix2.txt 2009-12-25 09:09

Pre-Run: 90 696 183 808 bytes free
Post-Run: 12 adresárov, 90 609 512 448 voľných bajtov

- - End Of File - - 78224814943D60D673EAB5B0D81C7DC8


Je to už v poriadku?????


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 26.12.2009 19:08 | Avira...

Este cosi :)

1) Stiahni Defogger. Spust, klik na "Disable" -> "OK". V mieste spustenia by sa mal zjavit log, ten sem vloz.


2) Start -> Spustit -> (napis) cmd /c mbr.exe -t >log.txt&start log.txt
Otvori sa textak (log.txt), aj jeho obsah sem skopiruj.


Offline booom

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 14.01.09
Prihlásený: 12.07.21
Príspevky: 282
Témy: 34 | 34
Bydlisko: Košice
Napísal autor témyOffline booom: 27.12.2009 12:38 | Avira...

1)
defogger_disable by jpshortstuff (28.11.09.2)
Log created at 12:27 on 27/12/2009 (Biker)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

2)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


Už mám PC v poriadku??? Som zbavený rootkitu alebo čo vlastne som mal v nevporiadku, pripadne napadnuté a čím??? :)


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0 | 0
NapísalOffline pitimir: 27.12.2009 13:41 | Avira...

Uz je to OK.

1) Docistime to:

  • Odinstaluj Combofix:
    Start -> Spustit -> (napis) combofix /uninstall

  • Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).
  • Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).



2) Vloz log z HJT.

V pripade nezrovnalosti sa >>tu<< nachadza navod.


 Stránka: 1 z 2
 [ Príspevkov: 47 ] 1, 2


Avira...


Obsah fóra » Software » Antivíry, bezpečnosť a sieť » Antivíry a antispywary » Avira...


Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy.

Avira Professional vs Avira premium suite - rozdiely

v Antivíry a antispywary

1

697

20.05.2010 18:04

Nanosonda

Táto téma je zamknutá, nemôžete posielať nové príspevky alebo odpovedať na staršie.

AVIRA?

v Antivíry a antispywary

1

584

08.01.2010 17:14

ac.milan

V tomto fóre nie sú ďalšie neprečítané témy.

aVIRA

v Antivíry a antispywary

18

1479

17.09.2010 15:32

riki137

V tomto fóre nie sú ďalšie neprečítané témy.

Avira

[ Choď na stránku:Choď na stránku: 1, 2, 3 ]

v Antivíry a antispywary

89

9745

19.11.2009 13:09

pitimir

V tomto fóre nie sú ďalšie neprečítané témy.

Avira

v Ostatné programy

8

460

29.10.2014 22:01

mirom

V tomto fóre nie sú ďalšie neprečítané témy.

AVIRA

v Antivíry a antispywary

13

1054

17.07.2012 19:01

cezet

V tomto fóre nie sú ďalšie neprečítané témy.

avira

v Antivíry a antispywary

14

1292

19.05.2010 7:01

dreadberserker5

V tomto fóre nie sú ďalšie neprečítané témy.

Avira proxy

v Antivíry a antispywary

5

925

10.02.2011 12:34

shiro

V tomto fóre nie sú ďalšie neprečítané témy.

Avira nastavenia

v Antivíry a antispywary

5

915

03.04.2008 14:54

br4n0

V tomto fóre nie sú ďalšie neprečítané témy.

avira 2010

v Antivíry a antispywary

1

571

25.03.2010 14:44

ac.milan

V tomto fóre nie sú ďalšie neprečítané témy.

Problem Avira premium

v Antivíry a antispywary

2

579

04.03.2011 13:56

pituch

V tomto fóre nie sú ďalšie neprečítané témy.

Avira vs Defender

v Antivíry a antispywary

1

632

26.01.2011 17:41

44mato44

V tomto fóre nie sú ďalšie neprečítané témy.

Problém AVIRA 10

v Antivíry a antispywary

8

1214

20.04.2010 9:59

Fry

V tomto fóre nie sú ďalšie neprečítané témy.

Vydaná Avira 10

v Novinky

11

1188

28.03.2010 12:51

shiro

V tomto fóre nie sú ďalšie neprečítané témy.

avira a comodo

v Antivíry a antispywary

10

845

16.02.2010 18:36

Bluedragon12

V tomto fóre nie sú ďalšie neprečítané témy.

plany poplach avira

v Antivíry a antispywary

6

668

24.07.2009 22:38

Tech



© 2005 - 2024 PCforum, edited by JanoF