the desktop shows ONLY the wallpaper
hm
I tried that VundoFix and hit Scan... all ok. Then I hit Remove Vundo. And about a second after I click REMOVE VUNDO a blue "DOS-style" screen just pops up saying something like if you are seeing this screen for the first time... blah blah...
CPU: Intel Pentium 4 HP 2,4 GHz
1 536 MB RAM
ATi RADEON 9600xt
Microsoft Windows XP Prof. SP1 (currently)
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
Well, a format would be pointless when not all the tools have been tried yet.
So we'll make a ComboFix log.
Download ComboFix and run it.
Follow the prompts; while ComboFix is running, don't click into the window that appears, because that can stop the process.
When it finishes a log is created, so copy its contents here.
(The computer may restart; that will be because ComboFix found infected files and restarts the PC in order to delete them.)
You need administrator rights to run ComboFix.
So afterwards post the ComboFix log here + a new HJT log.
By the way, I may already know why your icons aren't showing: Explorer.exe, which takes care of that, isn't running.
It may also be because you have a Vundo infection there, so we'll remove it.
wow! I did it with ComboFix, it restarted and... IT'S THERE! thanks
p.s. here are the logs:
ComboFix 07-06-11.3 - D:\ComboFix.exe
"Administrator" - 2007-06-11 17:01:06 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\opnnonk.dll
C:\WINDOWS\system32\tuvwxyw.dll
C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\rqrstsq.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ADMINI~1\DATAAP~1.\macromedia\Flash Player\#SharedObjects\HW6WS6M5\www.broadcaster.com
C:\DOCUME~1\ADMINI~1\DATAAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\ADMINI~1\DATAAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))
2007-06-11 17:00 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 14:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-11 14:48 <DIR> d-------- C:\VundoFix Backups
2007-06-11 12:44 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-06-11 12:44 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-11 12:44 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-11 12:44 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-06-11 12:44 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-06-11 12:44 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-06-11 12:42 214,016 --a------ C:\WINDOWS\R.COM
2007-06-11 12:42 130,048 --a------ C:\WINDOWS\system32\T.COM
2007-06-11 08:26 <DIR> d-------- C:\WINDOWS\system32\bits
2007-06-11 08:16 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-06-11 07:57 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-06-11 07:57 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-06-11 07:57 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-06-11 07:57 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-06-11 07:50 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-11 07:47 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-06-11 07:47 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-06-11 07:47 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-06-11 07:47 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-06-11 07:47 173,336 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-06-11 07:47 127,768 --a------ C:\WINDOWS\system32\wucltui.dll
2007-06-11 07:47 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-06-11 07:30 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-11 07:30 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-11 07:30 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-10 21:37 223,083 --a------ C:\WINDOWS\system32\gebyv.dll
2007-06-10 20:27 30,208 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-06-10 19:49 244,983 --a------ C:\WINDOWS\system32\ddaya.dll
2007-06-10 15:51 <DIR> d-------- C:\DOCUME~1\vadim\DATAAP~1\Media Player Classic
2007-06-01 21:12 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-01 21:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Adobe Systems
2007-06-01 21:10 49,680 --a------ C:\WINDOWS\twunk_16.exe
2007-06-01 21:10 25,600 --a------ C:\WINDOWS\twunk_32.exe
2007-06-01 20:57 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-01 20:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-01 20:50 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-01 20:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-01 20:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-01 19:09 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-01 19:09 <DIR> d-------- C:\Program Files\Hamachi
2007-06-01 19:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\Hamachi
2007-06-01 18:53 657,139 --ahs---- C:\WINDOWS\system32\ybadd.bak2
2007-06-01 18:33 206 --a------ C:\WINDOWS\g15824359.exe
2007-06-01 14:10 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-06-01 14:10 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2007-06-01 14:10 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-06-01 13:39 <DIR> d-------- C:\Program Files\Symantec
2007-06-01 13:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Symantec
2007-06-01 13:38 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-01 13:34 <DIR> d-------- C:\Program Files\NortonAnti
2007-06-01 13:14 <DIR> d-------- C:\Program Files\Norton WinDoctor 2005
2007-06-01 13:13 <DIR> d-------- C:\WINDOWS\NU_DATA
2007-06-01 13:02 <DIR> d-------- C:\Program Files\Common Files\Vbox
2007-06-01 13:00 <DIR> d-------- C:\Program Files\Canon
2007-06-01 12:59 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-01 12:56 73,728 -ra------ C:\WINDOWS\system32\CNMCP58.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-11 09:36:18 46,860 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-06-11 09:36:18 312,620 ----a-w C:\WINDOWS\system32\perfh005.dat
No new files created in this timespan
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-18 13:14]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-30 14:21]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-02 12:42]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-04-04 13:38]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-04-04 13:56]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-11 07:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 13:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 12:42]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 17:04:11
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-11 17:04:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 17:04
--- E O F ---
p.s. I'll add the one from HJT in a bit
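As an added example (editor's code, not something any poster in this thread wrote or ran), here is a small Python triage script for a ComboFix-style file listing. It flags the two patterns that stand out in the log above: a DLL in system32 accompanied by .ini/.bak files whose name is the DLL name spelled backwards (ssqrq.dll with qrqss.ini and qrqss.bak2, mljgf.dll with fgjlm.ini), and a .com file named after a built-in tool (regedit.com, taskmgr.com), which wins over the real .exe when the tool is started by bare name because PATHEXT resolves .COM before .EXE. A third rule flags hidden+system files with an unusual extension (ybadd.bak2). The sample lines are constructed from the log; the tool-name list and the "ordinary extensions" set are assumptions, not anything ComboFix itself does.

```python
"""Triage a ComboFix-style file listing for a few Vundo-era indicators.

Added example; SAMPLE_LOG is constructed from the shape of the log in this
thread, and SHADOWED_TOOLS / ORDINARY_EXTS are assumptions for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample in the two layouts ComboFix uses: bare paths in the
# deletion sections, "date time size attrs path" in the Files Created section.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
2007-06-11 12:42 214,016 --a------ C:\WINDOWS\R.COM
2007-06-11 07:57 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-06-10 21:37 223,083 --a------ C:\WINDOWS\system32\gebyv.dll
2007-06-01 18:53 657,139 --ahs---- C:\WINDOWS\system32\ybadd.bak2
2007-06-01 13:39 <DIR> d-------- C:\Program Files\Symantec
"""

PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*)$")
# ComboFix attribute column, e.g. "--ahs----" or "d--------" (Find3M uses 7 chars).
ATTR_RE = re.compile(r"\s(?P<attrs>[-dahsrw]{7,9})\s+[A-Za-z]:\\")

# Built-in tools seen shadowed by a same-named .com file. regedit and taskmgr
# are the two in this thread's log; the other names are an assumption.
SHADOWED_TOOLS = {"regedit", "taskmgr", "msconfig", "cmd"}

# Extensions that may legitimately carry hidden+system attributes (assumption;
# desktop.ini is the usual legitimate case).
ORDINARY_EXTS = {"dll", "exe", "sys", "ini", "dat"}


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Turn every line that carries a Windows path into a small record."""
    entries = []
    for raw in log_text.splitlines():
        m = PATH_RE.search(raw)
        if not m:
            continue
        path = m.group("path").strip()
        folder, _, name = path.rpartition("\\")
        stem, dot, ext = name.rpartition(".")
        if not dot:  # no extension, e.g. the "Symantec" directory
            stem, ext = name, ""
        a = ATTR_RE.search(raw)
        entries.append({
            "path": path,
            "dir": folder.lower(),
            "stem": stem.lower(),
            "ext": ext.lower(),
            "attrs": a.group("attrs").lower() if a else "",
        })
    return entries


def find_reversed_pairs(entries) -> List[Tuple[str, List[str]]]:
    """A DLL whose companion .ini/.bak files use the DLL stem spelled backwards,
    in the same folder (ssqrq.dll next to qrqss.ini in this thread)."""
    exts_by_key = defaultdict(set)
    for e in entries:
        exts_by_key[(e["dir"], e["stem"])].add(e["ext"])
    hits, seen = [], set()
    for e in entries:
        rev = e["stem"][::-1]
        key = (e["dir"], rev)
        if e["ext"] != "dll" or rev == e["stem"] or key not in exts_by_key or key in seen:
            continue
        seen.add(key)
        hits.append((e["stem"] + ".dll", sorted(f"{rev}.{x}" for x in exts_by_key[key])))
    return hits


def find_tool_shadows(entries) -> List[str]:
    """A .com file named after a built-in tool (single-letter copies such as
    R.COM are deliberately not covered by this rule)."""
    return [e["path"] for e in entries
            if e["ext"] == "com" and e["stem"] in SHADOWED_TOOLS]


def find_hidden_system_oddballs(entries) -> List[str]:
    """Hidden+system files with an extension that has no reason to be hidden."""
    return [e["path"] for e in entries
            if "h" in e["attrs"] and "s" in e["attrs"] and e["ext"] not in ORDINARY_EXTS]


def triage(log_text: str) -> Dict[str, list]:
    entries = parse_entries(log_text)
    return {
        "reversed_pairs": find_reversed_pairs(entries),
        "tool_shadows": find_tool_shadows(entries),
        "hidden_system": find_hidden_system_oddballs(entries),
    }


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule)
        for h in hits:
            print("   ", h)
```

The reversed-name rule is keyed on folder as well as stem, so a DLL in system32 is only paired with companions in system32; on the sample it reports mljgf.dll and ssqrq.dll with their .ini/.bak2 companions, the two .com shadows, and ybadd.bak2. None of this replaces a scanner; it is the kind of first-pass read a helper does by eye on a pasted log, written down so it can be repeated.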
YO
so here is the HJT one
Logfile of HijackThis v1.99.1
Scan saved at 17:11:18, on 11.6.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.735\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
Careful, that's not all yet. The ComboFix log shows files that belong to Vundo, so we'll blow it away completely.
But give me a little while until I've checked the whole log.
And don't forget that HJT log.
*******************************************************************************************
OK, so I've finished checking it.
Use Avenger and paste this script into it:
Files to delete:
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ybadd.bak2
After the PC restarts the Avenger log should appear, so copy it here.
Have these files tested on VirusTotal:
C:\WINDOWS\g15824359.exe
C:\WINDOWS\twunk_32.exe
C:\WINDOWS\twunk_16.exe
To find them more easily, turn on showing hidden and system files.
Then copy the result here for us + a new ComboFix log + the Avenger log + that HJT log.
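An added triage helper for the HijackThis log above (example code written for this thread, not a tool from the forum or from HijackThis): it parses the O2/O4/O23 lines and flags the signals a helper checks first, a service with an unknown owner, a binary reported as "(file missing)", and a BHO loaded from system32. The system32 rule is a heuristic, and the sample line with the all-zero CLSID is constructed.

```python
import re
from dataclasses import dataclass, field

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{[^}]+\} - (?P<cmd>.*)$')
O4_RE = re.compile(r'^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$')
# First drive-letter path ending in a PE/COM extension, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|ocx))"?', re.I)

@dataclass
class Entry:
    section: str
    name: str
    path: str
    flags: list = field(default_factory=list)

def parse_hjt_line(line):
    """Return an Entry for O2/O4/O23 lines, None for any other line."""
    for section, rx in (('O2', O2_RE), ('O4', O4_RE), ('O23', O23_RE)):
        m = rx.match(line)
        if m:
            break
    else:
        return None
    cmd, owner = m.group('cmd'), m.groupdict().get('owner')
    pm = PATH_RE.match(cmd)
    entry = Entry(section, m.group('name'), pm.group('path') if pm else cmd)
    if '(file missing)' in cmd:      # autostart/service left behind without its binary
        entry.flags.append('file missing')
    if owner == 'Unknown owner':     # no vendor string in the service binary
        entry.flags.append('unknown owner')
    if section == 'O2' and '\\system32\\' in entry.path.lower():
        # Heuristic: Vundo registers its randomly named system32 DLL as a BHO.
        entry.flags.append('BHO loaded from system32')
    return entry

def triage(log_text):
    """Return only the entries that carry at least one flag, in log order."""
    parsed = (parse_hjt_line(l.strip()) for l in log_text.splitlines())
    return [e for e in parsed if e and e.flags]

# Constructed sample: lines from this thread's log plus one Vundo-style BHO line (placeholder CLSID).
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\gebyv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""
```

Running `triage(SAMPLE_LOG)` returns the three flagged entries; the clean Google and NOD32 lines are parsed but not reported.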