Please check my log

Post by kokos » 08 Jun 2006 13:30

I have a problem I don't know how to deal with.
Every time I try to open the My Computer icon, a message appears saying that an error occurred in the application explorer.exe and the application will be closed. Then everything disappears completely for about 5 seconds, and after that the icons on the desktop get rearranged again. I don't know what to do about it; I have tried all sorts of things.
Here is the HijackThis log for checking.
If any of you know what to do about it, please advise.
Thank you

Logfile of HijackThis v1.99.1
Scan saved at 15:19:12, on 7.6.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~2\ALWILS~1\AVAST32\AvMaiSrv.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~2\ALWILS~1\AVAST32\avServer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~2\ALWILS~1\AVAST32\avupdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINXP\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\wuauclt.exe
F:\SW\systém\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AvMaiSrv] C:\PROGRA~2\ALWILS~1\AVAST32\AvMaiSrv.exe
O4 - HKLM\..\Run: [Avast32] C:\PROGRA~2\ALWILS~1\AVAST32\ASTART32.EXE /keepserver
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kaspersky Anti-Virus Monitor.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite Pocitac Pro Kazdeho Edition\AvpM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C411EA81-D9F9-403A-826B-92CE92D47376}: NameServer = 212.158.128.2,212.158.128.3
O20 - Winlogon Notify: WgaLogon - C:\WINXP\SYSTEM32\WgaLogon.dll
O23 - Service: Avast32 Start as Service - ALWIL Software - C:\Program Files\ALWIL Software\AVAST32\avserver.exe
O23 - Service: AvUpdSvc - ALWIL Software - C:\PROGRA~2\ALWILS~1\AVAST32\avupdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite Pocitac Pro Kazdeho Edition\avpm.exe" /Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe

Post by mijaja » 08 Jun 2006 15:05

There is no active junk in the log. Try posting an edited MWAV log here, following the guide in my signature. But before that, run CCleaner over the computer.

MWAV log

Post by kokos » 13 Jun 2006 07:44

I am sending the MWAV log, edited according to the guide. Before creating it I ran CCleaner over the PC.
The problem with explorer.exe crashing still persists; however, the PC has become slightly faster.

Mon Jun 12 15:47:26 2006 => System found infected with whenu.ucontrol Spyware/Adware ({cb8acef9-1085-4b47-b969-963e56aa9543})! Action taken: No Action Taken.

Mon Jun 12 15:47:26 2006 => System found infected with yoursitebar Spyware/Adware ({86227d9c-0efe-4f8a-aa55-30386a3f5686})! Action taken: No Action Taken.

Mon Jun 12 15:48:19 2006 => System found infected with yoursitebar Spyware/Adware ({4ee12b71-aa5e-45ec-8666-2db3ad3fdf44})! Action taken: No Action Taken.

Mon Jun 12 15:48:19 2006 => System found infected with yoursitebar Spyware/Adware ({03b800f9-2536-4441-8cda-2a3e6d15b4f8})! Action taken: No Action Taken.

Mon Jun 12 15:48:20 2006 => System found infected with yoursitebar Spyware/Adware ({dfbcc1eb-b149-487e-80c1-cc1562021542})! Action taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\instant access !!!
Mon Jun 12 15:48:21 2006 => Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\yoursitebar !!!
Mon Jun 12 15:48:21 2006 => Object "yoursitebar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKLM\Software\ucontrol !!!
Mon Jun 12 15:48:21 2006 => Object "whenu.ucontrol Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKLM\Software\whenusearch !!!
Mon Jun 12 15:48:21 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKLM\Software\yoursitebar !!!
Mon Jun 12 15:48:21 2006 => Object "yoursitebar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKCU\Software\egdhtml !!!
Mon Jun 12 15:48:21 2006 => Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKCU\Software\ist !!!
Mon Jun 12 15:48:21 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\whenusearch !!!
Mon Jun 12 15:48:21 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:21 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\whenusearch !!!
Mon Jun 12 15:48:21 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\instant access
Mon Jun 12 15:48:22 2006 => Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\istsvc
Mon Jun 12 15:48:22 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\whenusearch
Mon Jun 12 15:48:22 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\yoursitebar
Mon Jun 12 15:48:22 2006 => Object "yoursitebar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\Common Files\ucontrol
Mon Jun 12 15:48:22 2006 => Object "whenu.ucontrol Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\Common Files\whenu
Mon Jun 12 15:48:22 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\fun & games\betting.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (betting.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\fun & games\casino palace.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (casino palace.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\fun & games\casino.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (casino.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\fun & games\games.lnk
Mon Jun 12 15:48:23 2006 => System found infected with hotbar Spyware/Adware (games.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\fun & games\horoscope.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (horoscope.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending Folder found: C:\Documents and Settings\user\Oblíbené položky\going places
Mon Jun 12 15:48:23 2006 => Object "yoursitebar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\shop\auctions.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (auctions.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\shop\online store.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (online store.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\shop\perfume.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (perfume.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\shop\sleepwear.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (sleepwear.lnk)! Action taken: No Action Taken.

Mon Jun 12 15:48:25 2006 => Offending file found: C:\Documents and Settings\user\Dokumenty\ládík\hry\icytower\uninstal.exe
Mon Jun 12 15:48:25 2006 => System found infected with thelocalsearch Spyware/Adware (uninstal.exe)! Action taken: No Action Taken.

Mon Jun 12 15:48:27 2006 => Offending file found: C:\Documents and Settings\user\Dokumenty\ládík\hry\xo\xo.exe
Mon Jun 12 15:48:27 2006 => System found infected with media pass Spyware/Adware (xo.exe)! Action taken: No Action Taken.

Mon Jun 12 15:48:29 2006 => Offending Folder found: C:\Documents and Settings\user\Nabídka Start\programy\whenusearch
Mon Jun 12 15:48:29 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:29 2006 => Offending Folder found: C:\Documents and Settings\user\Nabídka Start\Programy\whenusearch
Mon Jun 12 15:48:29 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:30 2006 => Offending Folder found: C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
Mon Jun 12 15:48:30 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 12 15:48:33 2006 => Offending file found: C:\Documents and Settings\user\Dokumenty\ládík\hry\icytower\uninstal.exe
Mon Jun 12 15:48:33 2006 => System found infected with thelocalsearch Spyware/Adware (uninstal.exe)! Action taken: No Action Taken.

Mon Jun 12 15:48:33 2006 => Offending file found: C:\Documents and Settings\user\Dokumenty\ládík\hry\xo\xo.exe
Mon Jun 12 15:48:33 2006 => System found infected with media pass Spyware/Adware (xo.exe)! Action taken: No Action Taken.

Mon Jun 12 15:54:10 2006 => File C:\Documents and Settings\user\Dokumenty\ládík\Filmy\volcanofree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.

Mon Jun 12 15:59:37 2006 => File C:\profily\oem\Local Settings\Temp\djtopr1150.exe tagged as "not-a-virus:AdWare.Win32.WebRebates.g". Action Taken: No Action Taken.

Mon Jun 12 16:51:25 2006 => File C:\Program Files_old\NewDotNet\newdotnet6_38.dll tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.

Mon Jun 12 16:51:25 2006 => File C:\Program Files_old\NewDotNet\uninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.

Mon Jun 12 16:52:26 2006 => File C:\temp\WebRebates_Auto_InstallSilent_Euro.exe tagged as "not-a-virus:AdWare.Win32.WebRebates.g". Action Taken: No Action Taken.

Mon Jun 12 17:03:17 2006 => File C:\WINXP\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.

Mon Jun 12 17:03:17 2006 => Scanning File C:\WINXP\NDNuninstall6_90.exe
Mon Jun 12 17:03:17 2006 => File C:\WINXP\NDNuninstall6_90.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 17:03:18 2006 => Scanning File C:\WINXP\NDNuninstall6_98.exe
Mon Jun 12 17:03:18 2006 => File C:\WINXP\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 17:03:18 2006 => Scanning File C:\WINXP\NDNuninstall7_14.exe
Mon Jun 12 17:03:18 2006 => File C:\WINXP\NDNuninstall7_14.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 17:03:18 2006 => Scanning File C:\WINXP\NDNuninstall7_22.exe
Mon Jun 12 17:03:18 2006 => File C:\WINXP\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 17:12:15 2006 => File C:\WINXP\system32\rlls.dll tagged as "not-a-virus:AdWare.Win32.RK.a". Action Taken: No Action Taken.

Mon Jun 12 15:48:38 2006 => File C:\WINXP\iaccess32.exe tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.w". Action Taken: No Action Taken.

Mon Jun 12 15:48:39 2006 => File C:\WINXP\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.

Mon Jun 12 15:48:39 2006 => Scanning File C:\WINXP\NDNuninstall6_90.exe
Mon Jun 12 15:48:39 2006 => File C:\WINXP\NDNuninstall6_90.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 15:48:39 2006 => Scanning File C:\WINXP\NDNuninstall6_98.exe
Mon Jun 12 15:48:39 2006 => File C:\WINXP\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 15:48:39 2006 => Scanning File C:\WINXP\NDNuninstall7_14.exe
Mon Jun 12 15:48:39 2006 => File C:\WINXP\NDNuninstall7_14.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 15:48:39 2006 => Scanning File C:\WINXP\NDNuninstall7_22.exe
Mon Jun 12 15:48:39 2006 => File C:\WINXP\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.

Mon Jun 12 15:49:13 2006 => File C:\WINXP\system32\egaccess4_1062.dll tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.w". Action Taken: No Action Taken.

Mon Jun 12 15:50:20 2006 => File C:\WINXP\system32\rlls.dll tagged as "not-a-virus:AdWare.Win32.RK.a". Action Taken: No Action Taken.

Mon Jun 12 15:59:27 2006 => File C:\profily\oem\Dokumenty\install.exe infected by "Backdoor.Win32.Robobot.a" Virus! Action Taken: No Action Taken.

Mon Jun 12 15:59:37 2006 => File C:\profily\oem\Local Settings\Temp\djtopr1150.exe tagged as "not-a-virus:AdWare.Win32.WebRebates.g". Action Taken: No Action Taken.

Mon Jun 12 16:01:03 2006 => File C:\profily\oem\Local Settings\Temporary Internet Files\Content.IE5\0LY7C96N\prf[1].htm infected by "Exploit.VBS.Phel" Virus! Action Taken: No Action Taken.

Mon Jun 12 16:03:46 2006 => File C:\profily\oem\Local Settings\Temporary Internet Files\Content.IE5\6HH6NU1W\1[1].htm infected by "Exploit.VBS.Phel.f" Virus! Action Taken: No Action Taken.

Mon Jun 12 16:20:28 2006 => File C:\profily\oem\Local Settings\Temporary Internet Files\Content.IE5\WEK7Z5SX\strsp2[1].js infected by "Trojan-Downloader.JS.Psyme.bh" Virus! Action Taken: No Action Taken.

Mon Jun 12 16:33:31 2006 => File C:\Program Files\Instant Access\Multi\20060527120555\instant access.exe tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.w". Action Taken: No Action Taken.

Mon Jun 12 17:01:37 2006 => File C:\WINXP\iaccess32.exe tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.w". Action Taken: No Action Taken.

Mon Jun 12 17:10:54 2006 => File C:\WINXP\system32\egaccess4_1062.dll tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.w". Action Taken: No Action Taken.



Mon Jun 12 17:13:27 2006 => ***** Scanning complete. *****

Mon Jun 12 17:13:27 2006 => Total Objects Scanned: 82803
Mon Jun 12 17:13:27 2006 => Total Critical Objects: 64
Mon Jun 12 17:13:27 2006 => Total Disinfected Objects: 0
Mon Jun 12 17:13:27 2006 => Total Objects Renamed: 0
Mon Jun 12 17:13:27 2006 => Total Deleted Objects: 0
Mon Jun 12 17:13:27 2006 => Total Errors: 8
Mon Jun 12 17:13:27 2006 => Time Elapsed: 01:26:53
Mon Jun 12 17:13:27 2006 => Virus Database Date: 6/12/2006
Mon Jun 12 17:13:27 2006 => Virus Database Count: 199975

Mon Jun 12 17:13:27 2006 => Scan Completed.

Post by mikel » 13 Jun 2006 09:05

Well, you've got plenty in there. First copy this into a text file or print it out, and disconnect from the internet (preferably unplug the cable too). Then proceed as follows:

1. Uninstall the following via Add/Remove Programs:
C:\Program Files\instant access
C:\Program Files\istsvc
C:\Program Files\whenusearch
C:\Program Files\yoursitebar
C:\Program Files_old\NewDotNet - if it is there, because it is in Program Files_old ???

2. Find and delete these files on the disk:
C:\Documents and Settings\user\Oblíbené položky\fun & games\betting.lnk
C:\Documents and Settings\user\Oblíbené položky\fun & games\casino palace.lnk
C:\Documents and Settings\user\Oblíbené položky\fun & games\casino.lnk
C:\Documents and Settings\user\Oblíbené položky\fun & games\games.lnk
C:\Documents and Settings\user\Oblíbené položky\fun & games\horoscope.lnk
- apparently the whole fun & games directory is full of adware, so it would be best to delete the whole directory.
C:\Documents and Settings\user\Oblíbené položky\going places
C:\Documents and Settings\user\Oblíbené položky\shop\auctions.lnk
C:\Documents and Settings\user\Oblíbené položky\shop\online store.lnk
C:\Documents and Settings\user\Oblíbené položky\shop\perfume.lnk
C:\Documents and Settings\user\Oblíbené položky\shop\sleepwear.lnk
- again, apparently the whole shop directory is full of adware links, so it would be best to delete the whole directory.
C:\Documents and Settings\user\Dokumenty\ládík\Filmy\volcanofree.exe
C:\temp\WebRebates_Auto_InstallSilent_Euro.exe
C:\WINXP\system32\rlls.dll
C:\WINXP\iaccess32.exe
C:\WINXP\system32\egaccess4_1062.dll
C:\profily\oem\Dokumenty\install.exe

3. In the directory C:\Documents and Settings\user\Dokumenty\ládík\hry\ you apparently have games installed, which you should uninstall:
icytower
xo

4. If you managed to uninstall NewDotNet earlier, then also delete all similar files:
C:\WINXP\NDNuninstallXXXX.exe

Then you must use CCleaner again, then Disk Cleanup, and finally manually delete all contents of these directories:
C:\profily\oem\Local Settings\Temp\
C:\profily\oem\Local Settings\Temporary Internet Files\

Turn off System Restore and restart.

Generate a new MWAV log and post it here; we will look at what is still left there after the uninstallation.

P.S. Critically, I have to say that you have poor protection and a mess in the system (Program Files vs. Program Files_old, C:\Documents and Settings vs. C:\profily), but we will deal with that afterwards.
Do you know the rules?
Tips and tricks in Windows XP
Guides: HijackThis, MWAV, CCleaner (THX to mijaja)
Post the problems you want solved here in the forum. Do not send them by e-mail or over ICQ!
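
One way to turn an MWAV log like the one posted above into the deduplicated removal checklist that the reply assembles by hand. This is an added example, not part of the original thread or of MWAV itself; the sample lines are a constructed excerpt in the log's format, and the names `unwrap` and `findings` are made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the MWAV log above: it includes
# hard-wrapped entries and one file that the scanner reports twice.
SAMPLE_LOG = r'''
Mon Jun 12 15:48:22 2006 => Offending Folder found: C:\Program Files\istsvc
Mon Jun 12 15:48:22 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Jun 12 15:48:21 2006 => Offending Key found: HKLM\Software\ucontrol !!!
Mon Jun 12 15:48:21 2006 => Object "whenu.ucontrol Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Jun 12 15:48:23 2006 => Offending file found: C:\Documents and Settings\user\Oblíbené položky\shop\perfume.lnk
Mon Jun 12 15:48:23 2006 => System found infected with isearchtech.sidefind Adware (perfume.lnk)! Action taken: No Action

Taken.
Mon Jun 12 15:50:20 2006 => File C:\WINXP\system32\rlls.dll tagged as "not-a-virus:AdWare.Win32.RK.a". Action Taken: No

Action Taken.
Mon Jun 12 17:12:15 2006 => File C:\WINXP\system32\rlls.dll tagged as "not-a-virus:AdWare.Win32.RK.a". Action Taken: No
Action Taken.
Mon Jun 12 15:59:27 2006 => File C:\profily\oem\Dokumenty\install.exe infected by "Backdoor.Win32.Robobot.a" Virus! Action
Taken: No Action Taken.
'''

# Timestamp prefix, then the three entry shapes that carry a finding.
TS = re.compile(r'^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} => ')
OFFENDING = re.compile(r'^Offending (Key|Folder|file) found: (.+?)(?: !!!)?$')
NAMED = re.compile(r'^(?:Object "(.+?)" found in File System!|System found infected with (.+?) \(.+\)!)')
FILE_HIT = re.compile(r'^File (.+?) (?:tagged as|infected by) "(.+?)"')

def unwrap(text):
    """Re-join hard-wrapped entries: a line with no timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return [TS.sub("", e) for e in entries]

def findings(text):
    """Return {detection name: sorted [(kind, location)]}, repeated reports merged."""
    grouped = defaultdict(set)
    pending = None  # (kind, location) from an "Offending ..." line awaiting its name
    for entry in unwrap(text):
        m = OFFENDING.match(entry)
        if m:
            pending = (m.group(1).lower(), m.group(2))
            continue
        named, hit = NAMED.match(entry), FILE_HIT.match(entry)
        if named and pending:
            grouped[named.group(1) or named.group(2)].add(pending)
        elif hit:
            grouped[hit.group(2)].add(("file", hit.group(1)))
        pending = None
    return {name: sorted(hits) for name, hits in grouped.items()}

if __name__ == "__main__":
    for name, hits in sorted(findings(SAMPLE_LOG).items()):
        for kind, location in hits:
            print(f"{name:32} {kind:6} {location}")
```

Running the same function over the log from before and after the cleanup gives two sets whose difference shows what the uninstall and manual deletion actually removed.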