avira premium security suite

no mam tuto ochranu PC, osobne sami po kasperskom paci najviac,a nespomaluje tak pc, preto ho mam... a mam taky problem s tym, ze ked spustim pc, tak mi normalne nastartuje antivirus,ale po case par sekundach mi zmizne ikona v pravo dole... ked spustim program cez odkaz, tka ttam je napisane ze vsetko ja aktivne, a je ,lebo firewall,, my dava otazky,ale neviem preco to neni teda dolu, co moze byt na vine???

Sprostá otázka, ale... neschová sa ti iba tá ikona? Skúsil si kliknúť na tu šípku čo tam je

Poprosím log z HijackThis, návod ako na to je tu:
http://www.pcforum.sk/postup-pri-cisteni-napadnuteho-pc-vt17087.html

aka sipka????
ale nie, samozrejme ze som skusil a nebola tam, ono to odtail zmizne ... a nejde to...

tento stvrtok som si instaloval windows , aj tak ho potrebujes??? ale ak hej, tak staci povedat

Ak si si istý, že to nebude nejakým šmejdom, potom ho nepotrebujeme.

tak verim tej avire... ale asi to psravim, a kebyze to nie je haved, co by to mohlo byt???

Možno sa ti pri štarte spúšťa veľa programov.

takze spustanie programov mam obmedzene len na tei co potrebujemˇ, pouzivam tuneUP a stiaahol som si to nainstaval a siel som spustit a vyhodilo mi tabulku a chcel som dat accept, a zrusilo, urobil som to apson 10 krat, a vzdy sa to zrusilo... to nebude normalne, mohli by ste poradit co s tym???

No, radšej daj ten logfile.

ale ide o to, ze ho nemam, lebo to HIjack this mi nejde, dal som ho nainstalovat,a ked osm cchcel dat accept, zrusilo mi to... to nechapem preco sa stalo, co yb s tim mohlo byt??

Jááj, ty si písal o hijacku. V tom prípade ho premenuj na abcdef.exe

premenoval som instalacku a znova to iste, vyhodi mi tu tabulku kde accept chcem dat,ale hned sa zavrie a vytvori sa iba odkaz na ploche... co s tym moze byt??

Stiahni a spusť:
http://www.safer-networking.org/files/delcwssk.zip

coolwwwsearch.smartKiller /v1 alebo v2/ has not been found on your system


to mi napisalo pri spusteni, a co nebolo teda najdene v mojom systeme???

Skúsime ešte tento nástroj:
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe

toto mi uz ide, dal som vytvorit spravu dufam ze to ste potrebovali

**** Run Keys ****

RUN: [RTHDCPL] RTHDCPL.EXE
RUN: [Alcmtr] ALCMTR.EXE
RUN: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
RUN: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [Windows Update] C:\WINDOWS\system32\papanoah.exe


**** Browser Helper Objects ****

BHO: [Podpora odkazu pre aplikáciu Adobe PDF Reader] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [BitComet Helper] C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
BHO: [Groove GFS Browser Helper] C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll


**** IE Toolbars ****



**** IE Extensions ****

IEExt: []
IEExt: [Send to OneNote]
IEExt: [BitComet Search]
IEExt: [Research]
IEExt: [ICQ6] C:\Program Files\ICQ6\ICQ.exe
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 66.98.148.65 auto.search.msn.com
HOSTS: 66.98.148.65 auto.search.msn.es


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Search Bar: http://google.icq.com/search/search_frame.php
Search Page: http://www.microsoft.com/isapi/redir.dl ... r=iesearch


**** IE Context Menu (Right click) ****

IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IEContext: [Stáhnout odkaz s použitím BitCometu] res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IEContext: [Stáhnout všechna videa s použitím BitCometu] res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
IEContext: [Stáhnout všechny odkazy s použitím BitCometu] res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm


**** Layered Service Providers ****

LSP: AVSDA over [MSAFD Tcpip [TCP/IP]]
LSP: AVSDA over [MSAFD Tcpip [UDP/IP]]
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58EAA096-E24F-4623-BA3A-AD4D637DDDCF}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58EAA096-E24F-4623-BA3A-AD4D637DDDCF}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F4957B3-DE3F-4FBC-9806-35000B907BD7}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F4957B3-DE3F-4FBC-9806-35000B907BD7}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D958F5F-C273-491B-874B-887762FB49D6}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D958F5F-C273-491B-874B-887762FB49D6}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186676065984] C:\WINDOWS\system32\wuweb.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AntiVirFirewallService] C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
[AntiVirMailService] "C:\Program Files\Avira Premium Security Suite\avmailc.exe"
[AntiVirScheduler] "C:\Program Files\Avira Premium Security Suite\sched.exe"
[AntiVirService] "C:\Program Files\Avira Premium Security Suite\avguard.exe"
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[Ati HotKey Poller] %SystemRoot%\system32\Ati2evxx.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[AVEService] "C:\Program Files\Avira Premium Security Suite\avesvc.exe"
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FontCache3.0.0.0] C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[idsvc] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[ImapiService] C:\WINDOWS\system32\imapi.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[Microsoft Office Groove Audit Service] "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NBService] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetTcpPortSharing] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NMIndexingService] "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[odserv] "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
[ose] "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{EAE7FA5D-2D93-45BB-9B9B-D047723AEF70}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[UxTuneUp] %SystemRoot%\System32\svchost.exe -k netsvcs
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[WMPNetworkSvc] "C:\Program Files\Windows Media Player\WMPNetwk.exe"
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [FullScreen] no
IEOPT: [Search Bar] http://google.icq.com/search/search_frame.php
IEOPT: [Window_Placement] ,
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no

Tento súbor otestuj na http://www.virustoal.com a odošli ho na adresu v mojom podpise.

C:\WINDOWS\system32\papanoah.exe


A čo log z hijacku?

ten hijack mi este stale nejde, ten isty problem, co pred tym... a nepochopil som, ako myslis ze mam otestovat ten subor, mohol by si nejaky odkaz na navod?

Pošlite ho mne na threat.samples@gmail.com

Jednoducho ho priložíte ako prílohu. Ja sa o test postarám.


Hijack skúste použiť v núdzovom režime.

mali ste pravdu v nudzovom rezime to slo to je vysledok Hijacku

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:20, on 11. 8. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6676065984
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4576 bytes

Fixnite v HijackThis tak, že pri položke dáte fajku a po označení všetkých položiek zvolíte „Fix checked“:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing


A ten súbor potrebujeme otestovať.





Potom:

Prečistite PC cez CCleaner, neinštalujte ten toolbar (pozor na neho, čítajte všetko pri inštalácii):
http://www.ccleaner.com

Stiahnite MWAV a preskenujte PC (sken je dlhý) –->
ftp://ftp.microworldsystems.com/download/tools/mwav.exe


PS: Zajtra pokračujem

dobre zatial dakujem a ten subor som vam poslal mailom ako prilohu... ked to sravim dam vediet, asi zajtra...

Súbor neprišiel. Skúste postupovať podľa môjho podpisu - heslo sa pridáva v záložke "rozšírené", "nastaviť heslo".



Z MWAV potrebujeme log z poľa "Informace o nalezených hrozbách" - skopírovať na fórum.

takze subor som vam poslal pred chvilou, hijack som urobil to ,,fixnutie,, a pouzil som ccleaner... a akurat idem pustit to ,,mwav,, potom dam sem log, zatial dakujem...

Sken bude naozaj dlhý, takže si môžete ísť oddýchnuť alebo iné.

Súbor je čistý. Určite je to ?

Lebo prišiel

ano je to papanoah.exe lebo iny tam neni, a tento som dal zbalit winrarom... a to mwav mi bezi zatial mi naslo 4 kritickych objektov a 3 chyby...

Informujem sa bližšie o tom súbore a vyjadrím sa, čo s ním. Respektíve, nie je skrytý?


Ohľadne MWAV ---> potom stačí vložiť celý log z poľa "Informace o nalezených hrozbách"

mali ste pravdu, bol skryty, uuz som vam ho poslal, je zbaleny vo winrare...ale nedal som uz heslo...