Thank you for the earlier advice and help with wmp. I solved it a bit differently, but thank you very much anyway.... Please, could you also check the log from my second PC... many thanks to everyone...
Logfile of HijackThis v1.99.1
Scan saved at 21:26:17, on 8.11.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\mysvcc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\syswinxp.exe
C:\WINDOWS\wintasks32.exe
C:\WINDOWS\system32\lsscs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Tomas\Plocha\UtilProgs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\mljhhgh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra 'Tools' menuitem: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\o666lgjs16o6.dll (file missing)
O20 - Winlogon Notify: mljhhgh - C:\WINDOWS\SYSTEM32\mljhhgh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\syswinxp.exe
O23 - Service: Win32 Task Manager (Win32Task) - Unknown owner - C:\WINDOWS\wintasks32.exe
O23 - Service: Window Plugin Service - Unknown owner - C:\WINDOWS\system32\lsscs.exe
log ...
- Baron Prášil
end these in Task Manager and delete them
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\syswinxp.exe
C:\WINDOWS\wintasks32.exe
C:\WINDOWS\system32\lsscs.exe
fix in HijackThis
R3 - URLSearchHook: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\mljhhgh.dll
O3 - Toolbar: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O9 - Extra button: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra 'Tools' menuitem: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\o666lgjs16o6.dll (file missing)
O20 - Winlogon Notify: mljhhgh - C:\WINDOWS\SYSTEM32\mljhhgh.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
download KillBox
http://www.bleepingcomputer.com/files/s ... illBox.zip
unpack it, run it and copy the bold text into the box
C:\WINDOWS\SYSTEM32\mljhhgh.dll
check Delete on Reboot and Unregister .dll Before Deleting
and click the X. The machine will reboot.
after the restart, post a new log
first use this
then end the files marked in red in Task Manager and delete them (ctrl+alt+delete):
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\syswinxp.exe
C:\WINDOWS\wintasks32.exe
C:\WINDOWS\system32\lsscs.exe
fix in HJT:
R3 - URLSearchHook: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O9 - Extra button: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra 'Tools' menuitem: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\o666lgjs16o6.dll (file missing)
Start - Run - services.msc, find the services, stop them and set their startup to Disabled:
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\syswinxp.exe
O23 - Service: Win32 Task Manager (Win32Task) - Unknown owner - C:\WINDOWS\wintasks32.exe
O23 - Service: Window Plugin Service - Unknown owner - C:\WINDOWS\system32\lsscs.exe
after the restart, post a new log here
sakiri wrote: first use this
then end the files marked in red in Task Manager and delete them (ctrl+alt+delete):
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\syswinxp.exe
C:\WINDOWS\wintasks32.exe
C:\WINDOWS\system32\lsscs.exe
fix in HJT:
R3 - URLSearchHook: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O9 - Extra button: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra 'Tools' menuitem: Affiliate Beta - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\Program Files\Affiliate Beta\untitled.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\o666lgjs16o6.dll (file missing)
Start - Run - services.msc, find the services, stop them and set their startup to Disabled:
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\syswinxp.exe
O23 - Service: Win32 Task Manager (Win32Task) - Unknown owner - C:\WINDOWS\wintasks32.exe
O23 - Service: Window Plugin Service - Unknown owner - C:\WINDOWS\system32\lsscs.exe
after the restart, post a new log here
POSTING THE NEW LOG AFTER ......
Logfile of HijackThis v1.99.1
Scan saved at 6:59:28, on 13.11.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Tomas\Plocha\UtilProgs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {2CD1097E-16BD-4A7B-AB22-B94F6B484E84} - C:\WINDOWS\System32\wvwxv.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
THANK YOU FOR A SECOND CHECK....
- fredik
- Security team member
Also stop this service:
Start - Run - services.msc, find the services, stop them and set their startup to Disabled:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
Fix in HJT
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {2CD1097E-16BD-4A7B-AB22-B94F6B484E84} - C:\WINDOWS\System32\wvwxv.dll (file missing)
You are still missing the already mentioned SP2 and a firewall, so I would install them for better security.
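The check the helpers do by eye on the follow-up log, as an added example that is not part of the original thread: it compares the first and second HijackThis logs against the entries the user was asked to fix and reports what was fixed, what is still present and what is new. The log excerpts are copied from the two logs above; the function names are this example's own.

```python
import re

# A HijackThis entry line starts with a section code such as R1, O4 or O23.
ENTRY = re.compile(r"^[RFNO]\d{1,2} - .+$")

def entries(log_text):
    """Map case-folded entry -> original line; header and process lines are skipped."""
    found = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace damaged by copy/paste
        if ENTRY.match(line):
            found.setdefault(line.casefold(), line)  # Windows paths ignore case
    return found

def review(before, after, requested_fixes):
    """Compare two logs against the entries the helper asked to have fixed."""
    b, a, req = entries(before), entries(after), entries(requested_fixes)
    return {
        "fixed": [req[k] for k in req if k in b and k not in a],
        "unfixed": [req[k] for k in req if k in a],
        "new": [a[k] for k in a if k not in b],
    }

# Excerpts of the first log, the second log and the fix list from this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\svcchost.exe
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\mljhhgh.dll
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
"""
AFTER = r"""
Running processes:
O2 - BHO: (no name) - {2CD1097E-16BD-4A7B-AB22-B94F6B484E84} - C:\WINDOWS\System32\wvwxv.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
"""
REQUESTED = r"""
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\mljhhgh.dll
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9tYXM\command.exe (file missing)
"""

def demo():
    return review(BEFORE, AFTER, REQUESTED)

if __name__ == "__main__":
    for status, lines in demo().items():
        for line in lines:
            print(f"{status:8} {line}")
```

On this thread's data the leftover `cmdService` entry and the new `wvwxv.dll` BHO are the two items the last reply goes on to address.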