Could someone please check my log? For about 3 days Avast has been reporting viruses.. about 8.. I deleted some of them, and I am also scanning with MBAM and Spybot.
I also want to ask how to format the disk completely.. I formatted the partition, but it still reports viruses in the partition.. and also when I go to one particular page, Firefox "shuts down", but while shutting down it switches back again.. thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:23, on 2009/12/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
I:\WINDOWS\system32\BtAssSvc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Common Files\LightScribe\LSSrvc.exe
I:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\DOCUME~1\MARAS~1\LOCALS~1\Temp\c.exe
I:\Program Files\3DS MAX\mentalray\satellite\raysat_3dsmax9_32server.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\WINDOWS\system32\PSIService.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\mse.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Windows Defender\MSASCui.exe
I:\Program Files\Seznam\Postak\Postak.exe
I:\Program Files\Java\jre6\bin\jusched.exe
I:\Program Files\Unlocker\UnlockerAssistant.exe
I:\WINDOWS\system32\imPlayok.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\QIP\qip.exe
I:\Documents and Settings\marťas\ghjaop.exe
I:\WINDOWS\system32\svchost.exe
I:\Documents and Settings\marťas\imPlayok.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\SpeedFan\speedfan.exe
I:\Program Files\Alwil Software\Avast4\ashDisp.exe
I:\Program Files\Microsoft IntelliPoint\ipoint.exe
I:\Program Files\Microsoft IntelliType Pro\itype.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
I:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\marťas\Plocha\Programy PC\esetsmartinstaller_csy.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.249.104.151:9939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - I:\Documents and Settings\marťas\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - I:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - I:\Documents and Settings\marťas\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - I:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - I:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - I:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] "I:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMail] "I:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "I:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [imPlayok] I:\WINDOWS\system32\imPlayok.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QIP2005] I:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [J8RPLTROBQ] I:\DOCUME~1\MARAS~1\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [waoaqa] I:\Documents and Settings\marťas\waoaqa.exe
O4 - HKCU\..\Run: [ghjaop] I:\Documents and Settings\marťas\ghjaop.exe
O4 - HKCU\..\Run: [PUT2VIDQLG] I:\DOCUME~1\MARAS~1\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [imPlayok] I:\Documents and Settings\marťas\imPlayok.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ihaupd32.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: SpeedFan.lnk = I:\Program Files\SpeedFan\speedfan.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Zástupce - ashDisp.lnk = I:\Program Files\Alwil Software\Avast4\ashDisp.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Zástupce - ipoint.lnk = I:\Program Files\Microsoft IntelliPoint\ipoint.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Zástupce - itype.lnk = I:\Program Files\Microsoft IntelliType Pro\itype.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: µTorrent.lnk = I:\Program Files\uTorrent\uTorrent.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ihaupd32.exe (User 'Default user')
O4 - .DEFAULT Startup: SpeedFan.lnk = I:\Program Files\SpeedFan\speedfan.exe (User 'Default user')
O4 - .DEFAULT Startup: Zástupce - ashDisp.lnk = I:\Program Files\Alwil Software\Avast4\ashDisp.exe (User 'Default user')
O4 - .DEFAULT Startup: Zástupce - ipoint.lnk = I:\Program Files\Microsoft IntelliPoint\ipoint.exe (User 'Default user')
O4 - .DEFAULT Startup: Zástupce - itype.lnk = I:\Program Files\Microsoft IntelliType Pro\itype.exe (User 'Default user')
O4 - .DEFAULT Startup: µTorrent.lnk = I:\Program Files\uTorrent\uTorrent.exe (User 'Default user')
O4 - Startup: ihaupd32.exe
O4 - Startup: SpeedFan.lnk = I:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Zástupce - ashDisp.lnk = I:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - Startup: Zástupce - ipoint.lnk = I:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - Startup: Zástupce - itype.lnk = I:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - Startup: µTorrent.lnk = I:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Pošťák.lnk = I:\Program Files\Seznam\Postak\Postak.exe
O8 - Extra context menu item: &NeoTrace It! - I:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Search - ?p=GRfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://I:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - I:\Program Files\QIP\qip.exe (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - I:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Unknown owner - I:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: avast! Antivirus avast!W32Time (avast!W32Time) - Unknown owner - I:\WINDOWS\system32\acdbm.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Assistant (BluetoothAssistant) - Unknown owner - I:\WINDOWS\system32\BtAssSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - I:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - I:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - I:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - I:\Program Files\3DS MAX\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - I:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - I:\WINDOWS\system32\PSIService.exe
--
End of file - 14017 bytes
I'll also post the log from MBAM.. when I tried to remove them, the program shut down.. so they were not deleted..
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372
2009/12/29 17:35:20
mbam-log-2009-12-29 (17-35-13).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|H:\|I:\|)
Zkontrolované objekty: 343539
Uplynulý čas: 2 hour(s), 43 minute(s), 7 second(s)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 7
Infikované hodnoty registru: 0
Infikované datové položky registru: 3
Infikované adresáře: 0
Infikované soubory: 16
Infikované procesy v paměti:
I:\WINDOWS\mse.exe (Trojan.Agent) -> No action taken.
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
I:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
I:\Documents and Settings\marťas\Data aplikací\wiaservg.log (Malware.Trace) -> No action taken.
I:\WINDOWS\Temp\wpv321260179670.exe (Trojan.Agent) -> No action taken.
I:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
I:\WINDOWS\msc.exe (Trojan.Agent) -> No action taken.
I:\WINDOWS\msd.exe (Trojan.Agent) -> No action taken.
I:\WINDOWS\mse.exe (Trojan.Agent) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\a.exe (Trojan.Dropper) -> No action taken.
I:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\d.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\b.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\c.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\Diana\Local Settings\Temp\d.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\e.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\f.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\sshnas.dll (Trojan.FakeAlert) -> No action taken.
Re: log
fix
all lines containing qip.ru
all lines starting with R3
uninstall the pdfforge toolbar and, if necessary, fix the remaining lines
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - (no file)
O8 - Extra context menu item: &Search - ?p=GRfox000
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - I:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
lines starting with O16
delete the temp directories and the temporary internet files
Re: disinfection
have a look at
http://www.pcporadenstvi.cz/have-na-pokracovani-4-co-delat-kdyz-uz-se-ha...
or the following fifth part
if you are going to disinfect, download the programs, install them, then update them, and then disconnect from the internet.
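Added example, not part of the original thread: a Python sketch that cross-checks the two logs above, listing for each file MBAM flagged whether HijackThis saw it running and which Run values start it. The function names are hypothetical, and the 8.3 short-name matching (DOCUME~1 against "Documents and Settings") is an assumed heuristic based on the path pairs visible in the logs.

```python
import re

# Constructed sample: a few lines copied from the HijackThis and MBAM logs above.
HJT_SAMPLE = r"""
I:\DOCUME~1\MARAS~1\LOCALS~1\Temp\c.exe
I:\WINDOWS\mse.exe
I:\Program Files\QIP\qip.exe
O4 - HKLM\..\Run: [imPlayok] I:\WINDOWS\system32\imPlayok.exe
O4 - HKCU\..\Run: [QIP2005] I:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [J8RPLTROBQ] I:\DOCUME~1\MARAS~1\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [PUT2VIDQLG] I:\DOCUME~1\MARAS~1\LOCALS~1\Temp\c.exe
"""
MBAM_SAMPLE = r"""
I:\WINDOWS\mse.exe (Trojan.Agent) -> No action taken.
I:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
I:\Documents and Settings\marťas\Local Settings\Temp\c.exe (Trojan.Dropper) -> No action taken.
I:\Documents and Settings\Diana\Local Settings\Temp\d.exe (Trojan.Dropper) -> No action taken.
"""

RUN_RE = re.compile(r"O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.+)")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)   # quoted path, or up to first .exe
MBAM_RE = re.compile(r"([A-Za-z]:\\.+?) \(([\w.]+)\) -> ")


def short_name_matches(short, long_name):
    """True if `short` equals `long_name` or looks like its 8.3 alias."""
    m = re.fullmatch(r"([^~]{1,6})~\d+", short)
    if not m:
        return short.lower() == long_name.lower()
    # Assumed heuristic: the alias prefix is the long name with spaces and
    # non-ASCII characters removed (MARAS~1 for "marťas" in the log above).
    # Only extension-less components are handled.
    squeezed = re.sub(r"[^A-Za-z0-9]", "", long_name).upper()
    return squeezed.startswith(m.group(1).upper())


def same_path(a, b):
    """Compare two Windows paths component by component, tolerating 8.3 names."""
    pa, pb = a.split("\\"), b.split("\\")
    return len(pa) == len(pb) and all(
        short_name_matches(x, y) or short_name_matches(y, x)
        for x, y in zip(pa, pb))


def correlate(hjt_text, mbam_text):
    """Return one record per file MBAM flagged, with its HijackThis sightings."""
    running, autoruns = [], []
    for line in map(str.strip, hjt_text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group(3))
            if exe:
                label = f"{m.group(1)} Run [{m.group(2)}]"
                autoruns.append((label, exe.group(1) or exe.group(2)))
        elif re.match(r"[A-Za-z]:\\", line):      # "Running processes" entry
            running.append(line)
    report = []
    for line in map(str.strip, mbam_text.splitlines()):
        d = MBAM_RE.match(line)
        if d:
            path = d.group(1)
            report.append({
                "file": path,
                "detection": d.group(2),
                "running": any(same_path(path, p) for p in running),
                "autoruns": [k for k, p in autoruns if same_path(path, p)],
            })
    return report


if __name__ == "__main__":
    for rec in correlate(HJT_SAMPLE, MBAM_SAMPLE):
        print(rec)
```

A flagged file that is both running and referenced from a Run value will come back after deletion unless the autorun entry is removed as well.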
thank you, but that probably won't be needed any more.. the computer died on me that same day and would not start..
it booted, but then just a black screen..
so I bought Windows 7 and reinstalled.. :)
only, when the PC starts I get a prompt asking whether I want to start Windows 7 or the previous version of Windows.. I tried the previous one, but nothing starts.. so I want to ask why it is there.. I formatted the disk..
and also a whole partition (about 150 GB) has disappeared from the new disk, but it is there in Partition Magic.. but I can't do anything with it, because it somehow doesn't work for me in Windows 7..
I installed Windows 7 in place of the original XP (into the same partition) and it is formatted too.. so I don't know what the problem is..
I scanned the PC for viruses and they are probably gone now.. :)
my log now looks like this:
Logfile of HijackThis v1.99.1
Scan saved at 10:55:40, on 1.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Users\Martin\Desktop\Programy\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
Re: log
the log looks OK
Re: Windows
I think it is all connected. Somehow the old installation has remained there, and it was and still is non-functional, which is why it does not start. I would try the installation and formatting once more.
I will probably have to do that.. better sooner than later..
and the lost partition?
If you don't care about the data on the disk at this point, try merging everything into one partition in Magic partition and then splitting it again.
Or try it during a new Windows installation (formatting and then partitioning the disk).
well.. I didn't wait and at about 12 I reinstalled Windows.. :)
I think I have all the programs installed now and everything runs as it should.. :)
thank you for the help..
I did it the way you wrote, during the reinstallation.. removed everything and then created it again.. :???:
I think you can lock this thread now.. :)
thanks once again..