Hi,
Every time Windows starts, avast reports Win32:Small-gen2 found in the TEMP folder as the file tmp1.tmp. I always let it delete the file or move it to the chest, but that doesn't help. After the next start it shows up again anyway.
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:46:34, on 3.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\ACD Systems\ImageFox\ImageFox.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Kryha\IManager1_0\imanager.exe
C:\totalcmd\TOTALCMD.EXE
E:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://E:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks for your reply.
Win32:Small-gen2
It looks like you have the Wareout adware there.
To start with, fix:
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Then run Fixwareout - instructions here + paste its log here as well
Hi,
here is the Fixwareout log:
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
...
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
Directory of E:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
so here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:34:57, on 6.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\ACD Systems\ImageFox\ImageFox.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
E:\Program Files\ACD Systems\ACDSee\ACDSee.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://E:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
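An added example (not part of the thread, and not a HijackThis feature): a small Python check that compares a list of entries marked for fixing against a later HijackThis log and reports which ones are gone, still present, or still registered under a changed line. The input is an excerpt of the first fix list and of the 6.9.2006 log above; the function names and the gone/changed/present labels are assumptions of this example.

```python
import re

# Section lines look like "O4 - HKLM\..\Run: [name] path"; header lines and
# the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\]")

# Excerpt of the first fix list posted in the thread.
FIX_LIST = r"""
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# Excerpt of the HijackThis log dated 6.9.2006 from the thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:34:57, on 6.9.2006
Running processes:
E:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
"""


def parse_entries(text):
    """Return (code, body) for every R/F/N/O section line in a log or fix list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse runs of whitespace so re-wrapped forum text still matches.
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def identity(code, body):
    """Key that survives cosmetic changes to the line.

    GUID-bearing entries (BHO, toolbar, button, O17 interface) are keyed by the
    GUID, Run entries by hive and value name, everything else by the whole line.
    """
    guid = CLSID_RE.search(body)
    if guid:
        return (code, guid.group(0).upper())
    run = RUN_RE.match(body)
    if run:
        return (code, run.group(1).casefold(), run.group(2).casefold())
    return (code, body.casefold())


def check_fixes(fix_list, followup_log):
    """Classify each fix-list entry against a later log.

    present: the identical line is still listed
    changed: same GUID or Run value is still registered, but the line differs
    gone:    nothing with that identity is listed any more
    """
    followup = parse_entries(followup_log)
    exact = {(code, body.casefold()) for code, body in followup}
    ids = {identity(code, body) for code, body in followup}
    results = []
    for code, body in parse_entries(fix_list):
        if (code, body.casefold()) in exact:
            status = "present"
        elif identity(code, body) in ids:
            status = "changed"
        else:
            status = "gone"
        results.append((status, f"{code} - {body}"))
    return results


if __name__ == "__main__":
    for status, line in check_fixes(FIX_LIST, FOLLOWUP_LOG):
        print(f"{status:8} {line}")
```

Entries reported as present or changed are the ones to carry into the next fix list; matching on the GUID is what catches the BHO that is now listed as "(no name) ... (no file)".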
Fix:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: MSWin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
+ after fixing, restart the computer
- After the restart, set up your internet connection via Start - Settings - Control Panel - Network Connections - Local Area Connection - Properties - Internet Protocol (TCP/IP) - Properties
- There, select Obtain an IP address automatically and Obtain DNS server address automatically; if you use a static IP, enter the details from your internet provider in those fields
Post a new log and write how the computer is running.
Hi,
here is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:44:02, on 8.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\ACD Systems\ImageFox\ImageFox.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Winamp\winamp.exe
C:\totalcmd\TOTALCMD.EXE
c:\hijackthis\HijackThis.exe
E:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://E:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
After the restart the virus warning did not come up, but even before I fixed anything in HijackThis, my experience was that if I deleted the whole temp folder, the warning did not show, but if there was something in it, the virus warning popped up after Windows started.
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
After restarting, the virus warning did not appear. But even before I fixed anything at all in HijackThis, my experience was that if I deleted the whole TEMP folder, the warning was not shown, but if there was anything in it, the virus warning popped up after Windows started.
Fix these again in HijackThis:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [yaemu.exe] E:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: MSWin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30746A4B-E720-48B4-8F73-B49F25DA52DD}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B95B0D-B90E-489E-A33D-53823C8A3C4B}: NameServer = 85.255.115.52,85.255.112.85
+ After fixing, the computer must be restarted.
Then post a new HijackThis log again.