
Win32:Small-gen2

Posted: 03 Sep 2006 21:57
by mato
Hi

Every time Windows starts, avast reports Win32:Small-gen2 found in the TEMP folder as the file tmp1.tmp. I always let it delete the file or move it to the chest, but that doesn't help; it shows up again after every startup anyway.

Here is my log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:46:34, on 3.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\ACD Systems\ImageFox\ImageFox.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Kryha\IManager1_0\imanager.exe
C:\totalcmd\TOTALCMD.EXE
E:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://E:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


thanks for the reply

Posted: 04 Sep 2006 13:22
by Marinus
It looks like you have the Wareout adware there.

To start with, fix:

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Then run Fixwareout - guide here + also paste its log here

Posted: 06 Sep 2006 16:12
by mato
Hi

here is the log from Fixwareout:


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of E:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

Posted: 06 Sep 2006 19:41
by Marinus
That log looks good; now paste a new HijackThis log here.

Posted: 06 Sep 2006 21:36
by mato
so here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:34:57, on 6.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\ACD Systems\ImageFox\ImageFox.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
E:\Program Files\ACD Systems\ACDSee\ACDSee.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://E:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Posted: 06 Sep 2006 21:59
by Marinus
Fix:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: MSWin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85

+ after fixing, restart the computer

- After the restart, set up your internet connection via Start - Settings - Control Panel - Network Connections - Local Area Connection - Properties - Internet Protocol (TCP/IP) - Properties
- There choose Obtain an IP address automatically and Obtain DNS server address automatically; if you use a fixed IP, enter the details from your internet provider into those fields

Post a new log and write how the computer is running.

Posted: 07 Sep 2006 22:26
by mato
hi

Am I supposed to set the IP address and DNS anew (even though I already have them set) - should I delete them and enter them again?

Isn't it enough to just fix and restart?

Posted: 08 Sep 2006 06:24
by Marinus
According to the last HijackThis log you should have 85.255.115.52 and 85.255.112.85 set there. If you use a preset address, you will have to fill it in there; if automatic, it is enough to fix and restart the computer.

Posted: 08 Sep 2006 14:57
by mato
hi

here is the new log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 14:44:02, on 8.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\ACD Systems\ImageFox\ImageFox.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Winamp\winamp.exe
C:\totalcmd\TOTALCMD.EXE
c:\hijackthis\HijackThis.exe
E:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://E:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

after restarting, the virus warning didn't come up, but even before I fixed anything in HijackThis at all, my experience was that if I deleted the whole temp folder, the warning didn't show, but if there was something in it, the virus warning popped up after Windows started.

Posted: 08 Sep 2006 15:43
by Marinus
Fix again in HijackThis:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: MSWin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85

+ After fixing, a restart of the computer must follow

Then a new HijackThis log again.

Posted: 08 Sep 2006 19:35
by mato
I did restart the computer after fixing.

After fixing, when Windows starts up Spybot reports that an important change in the registry has occurred and asks whether I want to allow the change - it shows this for kernel and yaemu.exe. Should I allow it or not?

Posted: 08 Sep 2006 20:12
by Marinus
I apologise - yes, allow the change :oops: If some of the items that are supposed to be fixed show up again, end TeaTimer via Task Manager, fix them and restart the computer again. That should solve it. And then just paste the HijackThis log.