Zdravím všechny.
Může mi prosím někdo pomoct zlikvidovat potvůrky z PC?
Už mě nebaví hlášky avasta s nějakým trojanem a Microsoft Antispyware hlásí že byla provedena nějaká změna.....jestli ji chci povolit či ne.
Tady je log z Hijack bude-li mět někdo zájem mi pomoct.
Logfile of HijackThis v1.99.1
Scan saved at 23:43:06, on 13.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Ahead\InCD\InCDsrv.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\System32\cisvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\WINDOWS\System32\inetsrv\inetinfo.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
G:\WINDOWS\System32\msdtc.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\system32\wdfmgr.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\WINDOWS\System32\mqsvc.exe
G:\WINDOWS\System32\mqtgsvc.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\System32\wbem\wmiprvse.exe
G:\WINDOWS\System32\alg.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\dcomcfg.exe
G:\Program Files\Gigabyte\ET5\GUI.exe
G:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
G:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
G:\Program Files\SWT2000\HCM.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\D-Tools\daemon.exe
G:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
G:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Utility\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\Everest Labs\Spydefense\sdc.exe
G:\Program Files\iolo\System Mechanic 4\PopupStopper.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
G:\Utility\StatBar\StatBar.exe
G:\Utility\SpeedFan\speedfan.exe
G:\WINDOWS\system32\ntvdm.exe
G:\WINDOWS\System32\dllhost.exe
G:\WINDOWS\system32\inetsrv\DavCData.exe
G:\WINDOWS\System32\svchost.exe
G:\Utility\FREEDO~1\fdm.exe
G:\Program Files\mozilla.org\Mozilla\mozilla.exe
G:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\WINDOWS\system32\cidaemon.exe
G:\Documents and Settings\falko\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9999
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - G:\WINDOWS\system32\hpDB63.tmp
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [EasyTuneV] G:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [VGAUtil] G:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [mouseElf] G:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [SDM4500P] G:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "G:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQU] G:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] G:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] G:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewPort] G:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [THGuard] "G:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WinPatrol] G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Utility\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpyDefense] G:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "G:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - Startup: Stardock ObjectDock.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://G:\Utility\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://G:\Utility\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://G:\Utility\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout webovou stránku Free Download Managerem - file://G:\Utility\Free Download Manager\dlpage.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Prime95 Service - Unknown owner - G:\Program Files\Prime95\prime95.exe (file missing)
Předem děkuji.
/změna nadpisu
/mikel
Kontrola logu
Ve Správci úloh zastav toto:
G:\WINDOWS\system32\dcomcfg.exe
G:\Utility\StatBar\StatBar.exe
Červeně označený soubor najdi na disku a smaž. Pozor existuje i dcomcnfg.exe, který nemaž! Je to správný soubor, součást woken. Pak odinstaluj StatBar.
V Hijacku fixni tyto položky:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - G:\WINDOWS\system32\hpDB63.tmp
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] G:\Program Files\Ahead\InCD\InCD.exe
O23 - Service: Prime95 Service - Unknown owner - G:\Program Files\Prime95\prime95.exe (file missing)
G:\WINDOWS\system32\hpDB63.tmp - tento soubor také najdi a smaž.
- Stáhni si CCleaner a s jeho pomocí odstraň všechny nepotřebné soubory. Smaž všechno, co najde.
- Vypni Obnovení systému.
- Máš spuštěných strašně moc rezidentních ochran, které se spolu musí hádat - SpyBot, Spydefense, WinPatrol, MS Antispyware, TrojanHunter. Doporučuji nechat zapnuté jen WinPatrol a MS Antispyware a zbytek vypnout. Tady neplatí "čím více, tím lépe", spíše naopak.
- Restartuj a dej sem nový log, budeme pokračovat.
P.S. Kolik máš GB Ramky? Protože ten log je síla.
G:\WINDOWS\system32\dcomcfg.exe
G:\Utility\StatBar\StatBar.exe
Červeně označený soubor najdi na disku a smaž. Pozor existuje i dcomcnfg.exe, který nemaž! Je to správný soubor, součást woken. Pak odinstaluj StatBar.
V Hijacku fixni tyto položky:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - G:\WINDOWS\system32\hpDB63.tmp
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] G:\Program Files\Ahead\InCD\InCD.exe
O23 - Service: Prime95 Service - Unknown owner - G:\Program Files\Prime95\prime95.exe (file missing)
G:\WINDOWS\system32\hpDB63.tmp - tento soubor také najdi a smaž.
- Stáhni si CCleaner a s jeho pomocí odstraň všechny nepotřebné soubory. Smaž všechno, co najde.
- Vypni Obnovení systému.
- Máš spuštěných strašně moc rezidentních ochran, které se spolu musí hádat - SpyBot, Spydefense, WinPatrol, MS Antispyware, TrojanHunter. Doporučuji nechat zapnuté jen WinPatrol a MS Antispyware a zbytek vypnout. Tady neplatí "čím více, tím lépe", spíše naopak.
- Restartuj a dej sem nový log, budeme pokračovat.
P.S. Kolik máš GB Ramky? Protože ten log je síla.
Znáte pravidla?
Tipy a triky ve Windows XP
Návody: HijackThis, MWAV, CCleaner (THX to mijaja)
Problémy, které chcete vyřešit pište sem do fóra. Neposílejte je emailem ani po ICQ!
Tipy a triky ve Windows XP
Návody: HijackThis, MWAV, CCleaner (THX to mijaja)
Problémy, které chcete vyřešit pište sem do fóra. Neposílejte je emailem ani po ICQ!
tak popradku
tenhle soubor je nejistej na jednu starnu by mohl byt dulezitej a na druhou Trojan.W32.RONTOKBRO mas neco spolecnyho s microsoft server nebo tak?
pak zatav tenhle proces
G:\WINDOWS\system32\dcomcfg.exe
a smaz ten sooubor =Trojan/Backdoor
pouzivas desku od gigabytu? jestli jo tak zatim nic nemaz
G:\Program Files\Gigabyte\ET5\GUI.exe = Adware.W32.Shorty.Gopher
zastav a smaz
G:\Utility\StatBar\StatBar.exe
az tohle udelas hod sem este vypis z hijacku a dokonci se to
tenhle soubor je nejistej na jednu starnu by mohl byt dulezitej a na druhou Trojan.W32.RONTOKBRO mas neco spolecnyho s microsoft server nebo tak?
pak zatav tenhle proces
G:\WINDOWS\system32\dcomcfg.exe
a smaz ten sooubor =Trojan/Backdoor
pouzivas desku od gigabytu? jestli jo tak zatim nic nemaz
G:\Program Files\Gigabyte\ET5\GUI.exe = Adware.W32.Shorty.Gopher
zastav a smaz
G:\Utility\StatBar\StatBar.exe
az tohle udelas hod sem este vypis z hijacku a dokonci se to
:)
prosím o kontrolu
Ten dcomcfg.exe nejde smazat,kdyz ho ukončím,tak se zase spustí.
Mám 1Gram :)
nový log:
Logfile of HijackThis v1.99.1
Scan saved at 11:48:54, on 14.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Ahead\InCD\InCDsrv.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\System32\cisvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\WINDOWS\System32\inetsrv\inetinfo.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\WINDOWS\System32\mqsvc.exe
G:\WINDOWS\System32\mqtgsvc.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\system32\cidaemon.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Gigabyte\ET5\GUI.exe
G:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
G:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
G:\Program Files\SWT2000\HCM.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\D-Tools\daemon.exe
G:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
G:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\Program Files\iolo\System Mechanic 4\PopupStopper.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\dcomcfg.exe
G:\Program Files\mozilla.org\Mozilla\mozilla.exe
G:\Documents and Settings\falko\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9999
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - G:\WINDOWS\system32\hp776F.tmp
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [EasyTuneV] G:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [VGAUtil] G:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [mouseElf] G:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [SDM4500P] G:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "G:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQU] G:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] G:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewPort] G:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WinPatrol] G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "G:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - Startup: Stardock ObjectDock.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://G:\Utility\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://G:\Utility\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://G:\Utility\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout webovou stránku Free Download Managerem - file://G:\Utility\Free Download Manager\dlpage.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
Mám 1Gram :)
nový log:
Logfile of HijackThis v1.99.1
Scan saved at 11:48:54, on 14.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Ahead\InCD\InCDsrv.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\System32\cisvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\WINDOWS\System32\inetsrv\inetinfo.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\WINDOWS\System32\mqsvc.exe
G:\WINDOWS\System32\mqtgsvc.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\system32\cidaemon.exe
G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Gigabyte\ET5\GUI.exe
G:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
G:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
G:\Program Files\SWT2000\HCM.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\D-Tools\daemon.exe
G:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
G:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\Program Files\iolo\System Mechanic 4\PopupStopper.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
G:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\dcomcfg.exe
G:\Program Files\mozilla.org\Mozilla\mozilla.exe
G:\Documents and Settings\falko\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9999
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - G:\WINDOWS\system32\hp776F.tmp
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [EasyTuneV] G:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [VGAUtil] G:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [mouseElf] G:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [SDM4500P] G:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "G:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQU] G:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] G:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewPort] G:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WinPatrol] G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "G:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - Startup: Stardock ObjectDock.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = G:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://G:\Utility\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://G:\Utility\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://G:\Utility\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout webovou stránku Free Download Managerem - file://G:\Utility\Free Download Manager\dlpage.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Tak jinak. Stáhni si NnCleaner, a aplikuj jej v NOUZOVÉM režimu. On ti toho šmejda odstraní a komp už se snadněji dočistí.
Potom dej nový log.
Potom dej nový log.
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Děláš to v nouzáku? Jsi odpojený od internetu? Nespouštěj žádné prohlížeče stránek!
Vypni před restartem Obnovu systému. Je možné, že se ten šmejd z ní neustále obnovuje.
Až skončíš, mohl bys sem po vyčištění CCleanerem dát upravený log z MWAVu ( už z normálního režimu)
Vypni před restartem Obnovu systému. Je možné, že se ten šmejd z ní neustále obnovuje.
Až skončíš, mohl bys sem po vyčištění CCleanerem dát upravený log z MWAVu ( už z normálního režimu)
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 6 hostů