Win32.HS.m2 - jak se TOHO zbavit?

[Deathwalker]

Win32.HS.m2 - mam infikovany PC -vyskoci tahle hlaska a uz mi tam naskakuji v exploreru wokna s anti spywarem

uz mi zacinaji cukat nervy

[matajon]

zkus sem poslat log z HijackThis - http://www.wilderssecurity.com/supportf ... ckThis.exe

[Deathwalker]

Logfile of HijackThis v1.99.1
Scan saved at 17:56:15, on 22.3.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Deathwalker\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 212.96.165.39 L2authd.lineage2.com
O1 - Hosts: 212.96.165.39 L2testauthd.lineage2.com
O1 - Hosts: 212.96.165.39 nprotect.lineage2.com
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp3A98.tmp
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CD3F721-25F7-4CC8-9421-5F052DDB7F95}: NameServer = 62.84.126.6,62.84.132.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{6CD3F721-25F7-4CC8-9421-5F052DDB7F95}: NameServer = 62.84.126.6,62.84.132.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CD3F721-25F7-4CC8-9421-5F052DDB7F95}: NameServer = 62.84.126.6,62.84.132.6
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

[matajon]

v nouzovym rezimu smazat -

Kód: Vybrat vše

C:\WINDOWS\System32\mssearchnet.exe 
C:\WINDOWS\System32\nvctrl.exe

a v HijackThis fixnout a smazat tohle -

Kód: Vybrat vše

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp3A98.tmp

nebo pustit v nouzovem rezimu tento program - http://martinnnnn.php5.cz/down/nnncleaner.exe (to bude asi jednodussi)

[Deathwalker]

ok, diky