kontrola logu. dik

[AlCapone03]

mam tam nejakou havet!:( a posila se mi to kontaktum na icq!:(

Logfile of HijackThis v1.99.1
Scan saved at 19:09:07, on 14.3.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\Avast\aswUpdSv.exe
D:\Programs\Avast\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Programs\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Avast\ashWebSv.exe
D:\Programs\Avast\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
D:\Programs\Avast\ashDisp.exe
D:\Programs\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programs\miranda\miranda32.exe
D:\Programs\opera\Opera.exe
D:\Programs\Spyware Terminator\SpywareTerminator.exe
D:\Programs\ICQLite\ICQLite.exe
C:\Documents and Settings\Tommas\Dokumenty\ICQ Lite\490517297\lcpd_292686120\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programs\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programs\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programs\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avast!] D:\Programs\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programs\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programs\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Programs\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Reader 8.0\Reader\reader_sl.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O20 - AppInit_DLLs: e1.dll
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing)
O20 - Winlogon Notify: wstdactx - C:\WINDOWS\System32\wstdactx.dll (file missing)
O20 - Winlogon Notify: xpspqdvd - C:\WINDOWS\System32\xpspqdvd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programs\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programs\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programs\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programs\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programs\Alcohol 120\StarWind\StarWindService.exe

[Reklama]

[fredik]

Stáhni si LSPFix a spusť jej.

V okně zatrhni čtvereček u volby I know what i'm doing a zaktivují se ti šipečky mezi okny. Potom dole v levém okně označ (zamodři ) to, co bude mít název rsvp32_2.dll a šipkama >> jej přesuň do pravého okna. Až to budeš mít, klikni dole na tlačítko Finish. Ale pozor nesmíš přesunout nic jiného, protože by sis mohl zlikvidovat internet.

Postupuj podle tohoto návodu s Avengerem. Postup opakuj alespoň 2x za sebou pak sem dej nový log z HJT na kontrolu.

[AlCapone03]

Logfile of HijackThis v1.99.1
Scan saved at 19:31:01, on 14.3.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
D:\Programs\Avast\ashDisp.exe
D:\Programs\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programs\Reader 8.0\Reader\reader_sl.exe
D:\Programs\Avast\aswUpdSv.exe
D:\Programs\Avast\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Programs\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\ICQLite\ICQLite.exe
D:\Programs\Avast\ashWebSv.exe
D:\Programs\Avast\ashMaiSv.exe
D:\Programs\miranda\miranda32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tommas\Dokumenty\ICQ Lite\490517297\lcpd_292686120\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programs\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programs\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programs\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avast!] D:\Programs\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programs\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programs\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Programs\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Reader 8.0\Reader\reader_sl.exe
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programs\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programs\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programs\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programs\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programs\Alcohol 120\StarWind\StarWindService.exe

[fredik]

Fixni v HJT toto:
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)

Projeď to pro jistotu Mwav. Spusť ho proveď updata a spusť prohlídku přes tlačítko Scan & Clean (nesmíš mít zatrhlou volbu Scan Only). Co najde to odstraní. Po skončení prohlídky pak možná bude chtít restart tak ho povol.

Pak tam pro lepší zabezpečení doinstaluj SP2 pro WinXp a firewall.