Themida - what is it?

Antivirus programs, firewalls, viruses, spyware, current threats

Moderator: Živě.cz moderators

Post by iwigirl 13. 11. 2006 00:24

simiae: thanks! :)
iwigirl
VIP user

Post by Candy 13. 11. 2006 10:51

Yeah, great, everything runs smoothly again now like after a reinstall of Windows, thanks a lot. :o
Candy
Junior

Post by iwigirl 13. 11. 2006 18:44

you're welcome :)
iwigirl
VIP user

Post by himo 16. 12. 2006 20:13

hi, pls help, I have a similar problem: when I log on as a user, Themida pops up 4 times and I have to click on it, so pls help

Logfile of HijackThis v1.99.1
Scan saved at 20:00:27, on 16. 12. 2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\winam\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\syshost.exe
C:\WINDOWS\System32\mysvcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\srshost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Lukas\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... MqXr901hez
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware349\bin\Starware349.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Starware349 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware349\bin\Starware349.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1051
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - HKLM\..\Run: [OLESVR2] C:\WINDOWS\System32\OLESVR2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\winam\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\TRANS\Trans.exe
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wincbr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm799YYSK
O8 - Extra context menu item: Stiahnu položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stiahnu všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{344ADFE1-BD5B-4CBA-AA08-6CDC7D3D1F77}: NameServer = 62.168.122.95,62.168.96.4
O20 - Winlogon Notify: OLESVR2 - OLESVR2.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
himo
Passerby

Post by Levlard 16. 12. 2006 20:40

1) First of all I would recommend installing a firewall, otherwise there is no point in continuing to clean the computer.

2) Fix in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...MqXr901hez
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware349\bin\Starware349.dll
O3 - Toolbar: Starware349 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware349\bin\Starware349.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - HKLM\..\Run: [OLESVR2] C:\WINDOWS\System32\OLESVR2.exe
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - Global Startup: Wincbr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...xdm799YYSK
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...0.0.15.cab
O20 - Winlogon Notify: OLESVR2 - OLESVR2.dll (file missing)

3) Download Avenger and run it under the administrator account - http://swandog46.geekstogo.com/avenger.exe
- Choose the Input script manually option and click the magnifying glass icon
- Copy the whole of this text into the new empty window:
Code:
Files to delete:
C:\WINDOWS\System32\syshost.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srshost.exe
C:\WINDOWS\System32\server.exe
C:\WINDOWS\System32\OLESVR2.exe
C:\WINDOWS\System32\rpcc.dll

Folders to delete:
C:\Program Files\Starware349

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

- Then click Done
- Click the traffic light icon to run the program, finally click OK and your computer will restart

4) Download and run ComboFix - http://download.bleepingcomputer.com/sUBs/combofix.exe
- Follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes the program should create a log, please copy its whole content here

Paste the ComboFix log and a new HijackThis log here.
Levlard
VIP user
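An added triage script (not code from this thread or from HijackThis) that applies the kind of checks Levlard used when picking the lines above: orphaned URLSearchHooks, unnamed BHOs/toolbars, Run commands given without a path, the Win9x-era RunServices key, Startup entries that are not shortcuts, ActiveX downloads without a control name, Winlogon Notify packages, and a Run value name duplicated under both HKLM and HKCU. The heuristics are my assumptions about what is worth a second look, not a verdict on any file; the sample lines are a constructed subset of the posted log.

```python
"""Review heuristics for HijackThis v1.99.1 log lines (added example, not the thread's code)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis log posted in this thread, mixing
# entries the helper told the poster to fix with entries that were left alone.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware349\bin\Starware349.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wincbr.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O20 - Winlogon Notify: OLESVR2 - OLESVR2.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
"""

SECTION_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# "HKLM\..\Run: [name] command" form of an O4 entry
O4_HIVE_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O4_STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.*)$")


def is_bare_command(command):
    """True when the program is named without a directory, so Windows resolves it
    through the search path and a look-alike file can shadow the intended one."""
    tokens = command.strip().lstrip('"').split('"')[0].split()
    if not tokens:
        return False
    first = tokens[0]
    return "\\" not in first and not first.startswith("%")


def check_line(section, body):
    """Return a reason string when one log line looks worth reviewing, else None."""
    if section in ("R0", "R1") and re.search(r"= https?://", body):
        return "browser start/search page points at an external URL: confirm the user chose it"
    if section == "R3" and body.endswith("(no file)"):
        return "URLSearchHook whose file is gone: orphaned hook"
    if section in ("O2", "O3") and "(no name)" in body:
        return "unnamed BHO/toolbar: legitimate add-ons register a display name"
    if section == "O4":
        m = O4_HIVE_RE.match(body)
        if m:
            _hive, key, _name, command = m.groups()
            if key == "RunServices":
                return "RunServices is a Win9x-era key; on NT it has no normal use"
            if is_bare_command(command):
                return "executable given without a path: verify which file actually runs"
        m = O4_STARTUP_RE.match(body)
        if m and ".lnk = " not in m.group(2):
            return "Startup folder entry that is not a shortcut: a file dropped into Startup"
    if section == "O16" and "(" not in body.split(" - ")[0]:
        return "ActiveX download with no control name"
    if section == "O20":
        suffix = " (file missing)" if body.endswith("(file missing)") else ""
        return "Winlogon Notify package loads inside winlogon.exe: review every entry" + suffix
    return None


def triage(lines):
    """Per-line checks plus one cross-line check: same Run value name in both hives."""
    findings = []
    hives_by_name = defaultdict(set)   # Run value name -> hives it appears under
    run_entries = []                   # (line, value name) for the cross-line pass
    for raw in lines:
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reason = check_line(section, body)
        if reason:
            findings.append({"line": line, "reason": reason})
        h = O4_HIVE_RE.match(body) if section == "O4" else None
        if h and h.group(2) == "Run":
            hives_by_name[h.group(3)].add(h.group(1))
            run_entries.append((line, h.group(3)))
    for line, name in run_entries:
        if {"HKLM", "HKCU"} <= hives_by_name[name]:
            findings.append({"line": line,
                             "reason": "same value name under HKLM and HKCU Run: persistence set per-machine and per-user"})
    return findings


def flagged_lines(lines):
    """Set of log lines that received at least one finding."""
    return {f["line"] for f in triage(lines)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["reason"], "<-", f["line"])
```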

Post by himo 17. 12. 2006 12:25

thanks a lot, I'm going to do it
himo
Passerby

Post by himo 17. 12. 2006 12:53

here is the log from ComboFix

Lukas - 06-12-17 12:48:30,56 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-11-17 to 2006-12-17 ))))))))))))))))))))))))))))))))))


2006-12-17 12:45 <DIR> d-------- C:\avenger
2006-12-16 09:33 <DIR> d--hs---- C:\FOUND.017
2006-12-10 18:03 70,870 --a------ C:\Documents and Settings\Lukas\4.exe
2006-12-10 18:03 70,823 --a------ C:\Documents and Settings\Lukas\3.exe
2006-12-10 12:22 2,048 ---hs---- C:\WINDOWS\system32\helpermdm4.exe
2006-12-10 12:21 70,870 ---hs---- C:\WINDOWS\system32\mdm4.exe
2006-12-10 12:21 2,048 ---hs---- C:\WINDOWS\system32\helpersrrvc.exe
2006-12-09 21:20 <DIR> d-------- C:\Documents and Settings\Lukas\Shared
2006-12-09 21:03 <DIR> d-------- C:\Program Files\Azureus
2006-12-09 21:03 <DIR> d-------- C:\Documents and Settings\Lukas\Application Data\Azureus
2006-12-09 18:17 <DIR> d-------- C:\Documents and Settings\Lukas\.limewire
2006-12-07 18:00 <DIR> d-------- C:\Fraps
2006-12-07 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-06 22:02 968,192 --a------ C:\WINDOWS\system32\msgina.dll
2006-12-06 22:02 938,496 --a------ C:\WINDOWS\system32\syssetup.dll
2006-12-06 22:02 88,064 --a------ C:\WINDOWS\system32\mydocs.dll
2006-12-06 22:02 87,552 --a------ C:\WINDOWS\system32\occache.dll
2006-12-06 22:02 762,368 --a------ C:\WINDOWS\system32\WINNTBBU.DLL
2006-12-06 22:02 66,048 --a------ C:\WINDOWS\notepad.exe
2006-12-06 22:02 631,808 --a------ C:\WINDOWS\system32\rasdlg.dll
2006-12-06 22:02 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-12-06 22:02 548,864 --a------ C:\WINDOWS\system32\shdoclc.dll
2006-12-06 22:02 522,240 --a------ C:\WINDOWS\system32\printui.dll
2006-12-06 22:02 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-12-06 22:02 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-12-06 22:02 414,720 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2006-12-06 22:02 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-12-06 22:02 361,472 --a------ C:\WINDOWS\system32\fontext.dll
2006-12-06 22:02 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-06 22:02 316,416 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-12-06 22:02 3,371,008 --a------ C:\WINDOWS\system32\wmploc.dll
2006-12-06 22:02 276,480 --a------ C:\WINDOWS\system32\winsrv.dll
2006-12-06 22:02 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-12-06 22:02 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-12-06 22:02 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-12-06 22:02 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-12-06 22:02 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-12-06 22:02 146,432 --a------ C:\WINDOWS\system32\keymgr.dll
2006-12-06 22:02 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-06 22:02 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-12-06 22:02 134,656 --a------ C:\WINDOWS\system32\netid.dll
2006-12-06 22:02 134,144 --a------ C:\WINDOWS\regedit.exe
2006-12-06 22:02 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-12-06 22:02 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-06 22:02 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-12-06 22:02 110,592 --a------ C:\WINDOWS\system32\inetcplc.dll
2006-12-06 22:02 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-12-06 22:02 103,936 --a------ C:\WINDOWS\system32\sysocmgr.exe
2006-12-06 22:02 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-12-06 22:01 80,384 --a------ C:\WINDOWS\system32\cabview.dll
2006-12-06 22:01 66,560 --a------ C:\WINDOWS\system32\console.dll
2006-12-06 22:01 61,440 --a------ C:\WINDOWS\system32\cleanmgr.exe
2006-12-06 22:01 375,808 --a------ C:\WINDOWS\system32\cmd.exe
2006-12-06 22:01 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-12-06 22:01 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-12-06 22:01 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-06 22:01 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-12-03 15:08 <DIR> d-------- C:\Program Files\ImTOO
2006-12-03 12:58 43,691 --a------ C:\WINDOWS\BricoPackUninst.cmd
2006-12-03 12:58 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-12-03 12:55 3,038 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2006-12-03 12:54 <DIR> d-------- C:\WINDOWS\BricoPacks
2006-12-03 12:17 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2006-12-02 22:13 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2006-12-02 22:13 19,968 --a------ C:\WINDOWS\system32\reico.exe
2006-12-02 22:13 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2006-12-02 19:35 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2006-12-01 16:54 77,329 --a------ C:\WINDOWS\system32\recsl.exe
2006-11-26 18:52 49,152 -ra------ C:\WINDOWS\system32\VTTimer.exe
2006-11-26 18:52 458,752 -ra------ C:\WINDOWS\system32\VTDisply.dll
2006-11-26 16:17 <DIR> d-------- C:\Program Files\URUSoft
2006-11-26 14:49 <DIR> d-------- C:\Program Files\ASF-AVI-RM-WMV Repair
2006-11-23 19:38 689,152 --a------ C:\WINDOWS\CALLUNI.EXE
2006-11-23 19:38 233,472 --a------ C:\WINDOWS\system\ILDA32.DLL
2006-11-23 19:38 <DIR> d-------- C:\CALLNET
2006-11-22 19:29 <DIR> d-------- C:\Program Files\Switch Off
2006-11-22 17:05 <DIR> d-------- C:\Program Files\EA GAMES
2006-11-17 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-17 00:11 48,128 --a------ C:\WINDOWS\system32\srshostu.exe
2006-11-17 00:10 179,200 --a------ C:\WINDOWS\system32\winl0gon.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-16 21:32 -------- d-------- C:\Program Files\18 WoS Across America
2006-11-16 17:23 0 --a------ C:\Documents and Settings\Lukas\Application Data\AVSDVDPlayer.m3u
2006-11-12 17:42 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-11-12 17:42 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-11-12 17:42 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-11-12 17:36 -------- d-------- C:\Program Files\Codemasters
2006-11-10 18:47 -------- d-------- C:\Program Files\QuickTime
2006-11-10 18:46 -------- d-------- C:\Program Files\Apple Software Update
2006-11-10 18:20 -------- d-------- C:\Program Files\Alwil Software
2006-11-10 17:55 -------- d-------- C:\Program Files\ABCgames Cheater
2006-11-05 19:07 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-11-05 18:17 -------- d-------- C:\Program Files\AVSMedia
2006-11-05 15:36 -------- d-------- C:\Program Files\TVUPlayer
2006-10-28 09:06 -------- d-------- C:\Program Files\Picasa2
2006-10-26 14:08 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1051"
"WinampAgent"="C:\\winam\\winampa.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Trans"="C:\\PROGRA~1\\TRANS\\Trans.exe"
"Pepsi Volume Controller 3.0"="C:\\Program Files\\Zamaan's Software\\Pepsi Volume Controller 3.0\\pvc3.0.exe"
"Glass2k"="C:\\Program Files\\Glass2k\\Glass2k.exe"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Aktuálna domovská stránka"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"CDRAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000095
"NoLowDiskSpaceChecks"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000000
"NoClose"=dword:00000000
"NoAutoTrayNotify"=dword:00000000
"NoResolveTrack"=dword:00000000
"NoResolveSearch"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"NoWelcomeScreen"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoThemesTab"=dword:00000000
"ForceClassicControlPanel"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001
"NoStrCmpLogical"=dword:00000001
"NoClose"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061217-124228-315
O20 - Winlogon Notify: OLESVR2 - OLESVR2.dll (file missing)
backup-20061217-124227-302
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20061217-124228-965
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
backup-20061217-124226-486
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20061217-124226-881
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20061217-124226-696
R3 - URLSearchHook: (no name) - - (no file)
backup-20061217-124226-518
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware349\bin\Starware349.dll
backup-20061217-124227-681
O3 - Toolbar: Starware349 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware349\bin\Starware349.dll
backup-20061217-124227-880
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20061217-124227-549
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\System32\server.exe
backup-20061217-124227-542
O4 - HKLM\..\Run: [OLESVR2] C:\WINDOWS\System32\OLESVR2.exe
backup-20061217-124226-644
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... MqXr901hez
backup-20061217-124227-557
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
backup-20061217-124227-987
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
backup-20061217-124227-228
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
backup-20061217-124227-504
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\System32\server.exe
backup-20061217-124227-147
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
backup-20061217-124227-482
O4 - Global Startup: Wincbr.exe
backup-20061217-124227-162
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm799YYSK
backup-20061217-124227-660
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20061217-124226-727
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
backup-20061217-124227-297
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
backup-20061216-195130-949
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-17 12:50:33.40
C:\ComboFix.txt ... 06-12-17 12:50



and here is the log from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:53:32, on 17. 12. 2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\winam\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TRANS\Trans.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Lukas\LOCALS~1\Temp\Rar$EX01.219\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1051
O4 - HKLM\..\Run: [WinampAgent] C:\winam\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\TRANS\Trans.exe
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Stiahnu položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stiahnu všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{344ADFE1-BD5B-4CBA-AA08-6CDC7D3D1F77}: NameServer = 62.168.122.95,62.168.96.4
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
himo
Passerby

Post by Levlard 17. 12. 2006 13:23

1) Please test the file C:\WINDOWS\system\ILDA32.DLL at http://www.virustotal.com/en/indexf.html and copy the results here.

2) Use Avenger again and copy the whole of this text into it:
Code:
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\winl0gon.exe
C:\Documents and Settings\Lukas\4.exe
C:\Documents and Settings\Lukas\3.exe
C:\WINDOWS\system32\helpermdm4.exe
C:\WINDOWS\system32\mdm4.exe
C:\WINDOWS\system32\helpersrrvc.exe
C:\WINDOWS\system32\srshostu.exe
C:\WINDOWS\CALLUNI.EXE
C:\WINDOWS\system32\recsl.exe
C:\WINDOWS\system32\drivers\oreans32.sys

In this case the computer will restart twice; after the restart the Avenger log should pop up, please copy its whole content here.

Apart from the missing firewall and Service Pack 2, the HijackThis log is fine.

Also write whether the problems persist.
Levlard
VIP user

Post by himo, 17. 12. 2006 13:59

Here is the log from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bjlpaenc

*******************

Script file located at: \??\C:\WINDOWS\System32\mytbpvcm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver oreans32 unloaded successfully.
File C:\WINDOWS\system32\winl0gon.exe deleted successfully.
File C:\Documents and Settings\Lukas\4.exe deleted successfully.
File C:\Documents and Settings\Lukas\3.exe deleted successfully.
File C:\WINDOWS\system32\helpermdm4.exe deleted successfully.
File C:\WINDOWS\system32\mdm4.exe deleted successfully.
File C:\WINDOWS\system32\helpersrrvc.exe deleted successfully.
File C:\WINDOWS\system32\srshostu.exe deleted successfully.
File C:\WINDOWS\CALLUNI.EXE deleted successfully.
File C:\WINDOWS\system32\recsl.exe deleted successfully.
File C:\WINDOWS\system32\drivers\oreans32.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

And here is the result for that file:

Complete scanning result of "ILDA32.DLL", received in VirusTotal at 12.17.2006, 13:55:28 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.16.2006 no virus found
BitDefender 7.2 12.17.2006 no virus found
CAT-QuickHeal 8.00 12.15.2006 no virus found
ClamAV devel-20060426 12.17.2006 no virus found
DrWeb 4.33 12.17.2006 no virus found
eSafe 7.0.14.0 12.14.2006 no virus found
eTrust-InoculateIT 23.73.87 12.16.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.16.2006 no virus found
Fortinet 2.82.0.0 12.17.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.26 12.17.2006 no virus found
Kaspersky 4.0.2.24 12.17.2006 no virus found
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.16.2006 no virus found
Prevx1 V2 12.17.2006 no virus found
Sophos 4.12.0 12.17.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.133 12.16.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.16.2006 no virus found
VirusBuster 4.3.19:9 12.16.2006 no virus found

Aditional Information
File size: 233472 bytes
MD5: ebeecf5b8fae16438a4818f3975ab465
SHA1: 880ca475e31f701aeb9bd8b8db222aad21780684
himo
Passer-by

Post by himo, 17. 12. 2006 14:00

And thanks, the problems no longer persist. I only have one problem: I can't download via torrents. The internet works fine, but via torrents it doesn't work; it didn't work before either.
himo
Passer-by

Post by Levlard, 17. 12. 2006 14:44

Yes, that's all. For the torrent problem I'd recommend starting a new topic here on the forum (e.g. in the Ostatní v internetu section) and describing your problem there; that way it will get the proper attention.
Levlard
VIP user

Post by maros6666, 18. 7. 2007 08:06

Hi. I also got that Themida filth into my computer, and I have the "version" that after 20 minutes says a registered version is needed and shuts down. Please help me with it. Here are the logs from HijackThis:

http://www.upnito.sk/download.php?file=startuplist.txt&dwToken=eb273da5a19371e2c88b897ce42f3400

http://www.upnito.sk/download.php?file=hijackthis.log&dwToken=e452c751991b6611925896a8bcf0b08f

Please reply to me on ICQ: 380-466-183

THANK YOU
maros6666
Junior

Post by Levlard, 18. 7. 2007 08:54

1) Fix in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

2) Download Avenger - http://swandog46.geekstogo.com/avenger.exe - and run it under an administrator account
- Choose the option Input script manually and click the magnifying-glass icon
- Paste this whole text into the new empty window:
Code:
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\vssms32.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | vssms32

- Then click Done
- Click the traffic-light icon to run the program, finally click OK, and your computer will restart twice

Paste here the Avenger log that pops up after the restart, and a new log from HijackThis.
Write whether the problems persist.
Levlard
VIP user
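As an added example (not part of this thread, and not HijackThis or Avenger code), here is a small Python triage script for HijackThis logs. It parses the Rx/Oxx entries and flags the kinds of lines that come up in this thread: entries whose target file no longer exists ("(no file)", "(file missing)"), empty R0 values, O16 ActiveX downloads, O17 name-server settings and O23 services with no publisher. The sample input is constructed from lines posted above. The flags are prompts for a human to check, not verdicts: Levlard judged himo's log clean even though it contains a "(file missing)" service entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis lines copied from the logs posted in this thread
# (the tail of himo's log and the entries Levlard told maros6666 to fix).
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{344ADFE1-BD5B-4CBA-AA08-6CDC7D3D1F77}: NameServer = 62.168.122.95,62.168.96.4
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    kind: str             # HijackThis section, e.g. "O23"
    body: str             # everything after "Oxx - "
    clsid: Optional[str]  # first GUID on the line, if any


@dataclass
class Finding:
    label: str
    entry: Entry
    detail: str


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into its Rx/Fx/Nx/Oxx entries; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(m.group("kind"), body, c.group(0) if c else None))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries an analyst should look at first. Review prompts, not verdicts."""
    findings = []
    for e in entries:
        if "(no file)" in e.body or "(file missing)" in e.body:
            # Registry still points at a file that is gone: a leftover, safe to fix.
            findings.append(Finding("orphan", e, "target file does not exist"))
        elif e.kind == "R0" and e.body.rstrip().endswith("="):
            findings.append(Finding("empty-value", e, "IE setting present but empty"))
        elif e.kind == "O16":
            # Downloaded Program Files: an ActiveX control fetched from a URL; verify the origin.
            findings.append(Finding("dpf", e, e.body.rsplit(" - ", 1)[-1]))
        elif e.kind == "O17":
            # DNS servers configured per interface; confirm they belong to the ISP.
            servers = e.body.split("NameServer =", 1)[1].strip().split(",")
            findings.append(Finding("dns", e, ", ".join(s.strip() for s in servers)))
        elif e.kind == "O23" and "Unknown owner" in e.body:
            findings.append(Finding("no-publisher", e, "service has no company name"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.label:13} {f.entry.kind:4} {f.detail}")
```

On the sample above the script reports four orphan entries, one empty R0 value, one O16 download, one O17 name-server pair and one service without a publisher; the Java, PDF plugin and HP service lines pass through unflagged.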

Post by maros6666, 18. 7. 2007 09:50

Well, I did it. The PC restarted twice, but Avenger only produced an empty document with a .txt extension, and Themida came up again.
The new HijackThis log is here:

http://www.upnito.sk/download.php?file=hijackthis.log&dwToken=b8951aec2eba0d1a4ff467fe1e207451

thanks for the help
maros6666
Junior
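The reply above reports an empty Avenger log. As an added example (not from this thread and not part of Avenger), the following Python script cross-checks an Avenger script against the log it produced and reports which requested actions were confirmed, which are missing, and which cannot be verified, plus whether the run reached its completion marker. The script and log from Levlard's and himo's earlier posts, and the script from Levlard's reply to maros6666, are embedded as constructed sample input. The confirmation line patterns are the ones visible in himo's log; no pattern is assumed for registry values, so requests in that section are reported as unverifiable.

```python
import re
from typing import Dict, List, Set

# Constructed samples copied from this thread: the Avenger script Levlard posted
# for himo with the log himo got back, and the later script posted for maros6666.
SCRIPT_HIMO = r"""
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\winl0gon.exe
C:\Documents and Settings\Lukas\4.exe
C:\Documents and Settings\Lukas\3.exe
C:\WINDOWS\system32\helpermdm4.exe
C:\WINDOWS\system32\mdm4.exe
C:\WINDOWS\system32\helpersrrvc.exe
C:\WINDOWS\system32\srshostu.exe
C:\WINDOWS\CALLUNI.EXE
C:\WINDOWS\system32\recsl.exe
C:\WINDOWS\system32\drivers\oreans32.sys
"""

LOG_HIMO = r"""
Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:

Driver oreans32 unloaded successfully.
File C:\WINDOWS\system32\winl0gon.exe deleted successfully.
File C:\Documents and Settings\Lukas\4.exe deleted successfully.
File C:\Documents and Settings\Lukas\3.exe deleted successfully.
File C:\WINDOWS\system32\helpermdm4.exe deleted successfully.
File C:\WINDOWS\system32\mdm4.exe deleted successfully.
File C:\WINDOWS\system32\helpersrrvc.exe deleted successfully.
File C:\WINDOWS\system32\srshostu.exe deleted successfully.
File C:\WINDOWS\CALLUNI.EXE deleted successfully.
File C:\WINDOWS\system32\recsl.exe deleted successfully.
File C:\WINDOWS\system32\drivers\oreans32.sys deleted successfully.

Completed script processing.
"""

SCRIPT_MAROS = r"""
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\vssms32.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | vssms32
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) to (?:unload|delete):$")
# Confirmation lines as they appear in the log above. No pattern is assumed for
# registry values, so requests in that section are reported as unverifiable.
CONFIRM_RE = {
    "drivers": re.compile(r"^Driver (?P<target>\S+) unloaded successfully\.$"),
    "files": re.compile(r"^File (?P<target>.+) deleted successfully\.$"),
}
DONE_MARKER = "Completed script processing."


def parse_script(text: str) -> Dict[str, List[str]]:
    """Map each 'X to unload/delete:' section to the targets listed under it."""
    requests: Dict[str, List[str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            requests.setdefault(section, [])
        elif section is None:
            raise ValueError("target listed before any section header: " + line)
        else:
            requests[section].append(line)
    return requests


def parse_log(text: str) -> Dict[str, Set[str]]:
    """Collect the targets the log confirms, per section; case-folded because NTFS paths are."""
    confirmed: Dict[str, Set[str]] = {name: set() for name in CONFIRM_RE}
    for raw in text.splitlines():
        for name, rx in CONFIRM_RE.items():
            m = rx.match(raw.strip())
            if m:
                confirmed[name].add(m.group("target").lower())
    return confirmed


def cross_check(script: str, log: str) -> Dict[str, object]:
    """Report confirmed / missing / unverifiable requests and whether the run finished."""
    confirmed = parse_log(log)
    report: Dict[str, object] = {"confirmed": [], "missing": [], "unverifiable": [],
                                 "finished": DONE_MARKER in log}
    for section, targets in parse_script(script).items():
        for target in targets:
            if section not in confirmed:
                report["unverifiable"].append((section, target))
            elif target.lower() in confirmed[section]:
                report["confirmed"].append((section, target))
            else:
                report["missing"].append((section, target))
    return report


if __name__ == "__main__":
    for who, (script, log) in {"himo": (SCRIPT_HIMO, LOG_HIMO), "maros6666": (SCRIPT_MAROS, "")}.items():
        r = cross_check(script, log)
        print(who, "finished" if r["finished"] else "NOT finished",
              f"confirmed={len(r['confirmed'])} missing={len(r['missing'])} unverifiable={len(r['unverifiable'])}")
```

For himo's run every one of the eleven requests is confirmed and the completion marker is present. For maros6666's run against an empty log the driver and both files are reported missing, the registry value is unverifiable and the run never finished, which is the signal to treat the cleanup as not done and change approach, as Levlard does next with ComboFix.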

Post by Levlard, 18. 7. 2007 10:39

That virus is stubborn.

1) Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2) Open Notepad via Start - Programs - Accessories and paste this whole text into it:
Code:
Driver::
oreans32

File::
C:\WINDOWS\hkr32.asm
C:\WINDOWS\system32\ldapi32.exe
C:\WINDOWS\system32\ntcvx32.dll
C:\WINDOWS\system32\ntswrl32.dll
C:\WINDOWS\system32\vssms32.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vssms32"=-

Choose Save file as, name the file CFScript.txt, and under Save as type choose All files. Save the file to the desktop.

3) Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start; accept the licence terms by pressing the 1 key
- Follow the instructions; while the program is running, do not click into the window it shows
- After the scan finishes, and after a possible restart of the computer, the program should create a log - C:\ComboFix.txt - paste its entire contents here

Paste the log created by ComboFix.
Levlard
VIP user
