Win32small-BLF(trj)


fredy
newcomer
Posts: 43
Registered: February 06
Location: Děčín
Gender: Not specified

Post by fredy » 27 Nov 2006 12:45

I probably have this virus, even though avast reports nothing. When I press, for example, Ctrl+Alt+Del, it reports that the system administrator has disabled Task Manager. Can you take a look at it? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:49, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\PC\Dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7A4AF-AFE9-4A51-9E52-5D5421F573F2}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{803E40A5-9089-40BF-A84F-679D7031341E}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Post by fredik » 27 Nov 2006 12:59

Use Fixwareout; you can find the instructions here: then paste the log from Fixwareout and a new HJT log here.

To unblock Task Manager, use NnnCleaner. Run it; there is a button Nástroje (Tools), click it, and there is an option Odblokovat Taskmanager (Unblock Task Manager).


Post by fredy » 27 Nov 2006 14:00

I ran Fixwareout exactly according to the instructions, but I can't find the folder with the results anywhere, i.e. C:/fixwareot/report.txt; I don't have such a file. So I'm at least sending the log.

Logfile of HijackThis v1.99.1
Scan saved at 13:52:51, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\PC\Dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [dmuyp.exe] C:\WINDOWS\system32\dmuyp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7A4AF-AFE9-4A51-9E52-5D5421F573F2}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{803E40A5-9089-40BF-A84F-679D7031341E}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Post by fredy » 27 Nov 2006 16:35

So I managed to get that log:


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}76CFCB5D5558-A028-8C54-BA41-3A23A7D7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2063836765DB-C8CA-4FE4-03A6-34BFCB74{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pyumd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSSVW.EXE 51 724 2006-10-24
C:\WINDOWS\SYSTEM32\DMEPF.EXE 60 990 2004-08-17
C:\WINDOWS\SYSTEM32\DMLAZ.EXE 60 990 2004-08-17
C:\WINDOWS\SYSTEM32\DMUYP.EXE 60 990 2004-08-17
C:\WINDOWS\SYSTEM32\DMWOF.EXE 60 990 2004-08-17

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.


Post by fredy » 27 Nov 2006 16:39

And a new log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:37:22, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PC\Dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{611B2589-05E8-4B2A-AC83-146BA1A22C52}: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7A4AF-AFE9-4A51-9E52-5D5421F573F2}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{803E40A5-9089-40BF-A84F-679D7031341E}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Post by fredik » 27 Nov 2006 16:48

Also try scanning these files (in bold) at either VirusTotal or Jottiscan:
C:\WINDOWS\SYSTEM32\CSSVW.EXE
C:\WINDOWS\SYSTEM32\DMEPF.EXE
C:\WINDOWS\SYSTEM32\DMLAZ.EXE
C:\WINDOWS\SYSTEM32\DMUYP.EXE
C:\WINDOWS\SYSTEM32\DMWOF.EXE
and post the results here. Then we'll finish sorting it out.


Post by fredy » 27 Nov 2006 20:47

Sorry, I couldn't send it earlier (we had visitors), but it's quite long; hopefully it fits here.

Complete scanning result of "dmwof.exe", received in VirusTotal at 11.27.2006, 19:59:50 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.27.2006 TR/Dldr.DNSChanger.Gen
Authentium 4.93.8 11.24.2006 could be a corrupted executable file
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 no virus found
BitDefender 7.2 11.27.2006 no virus found
CAT-QuickHeal 8.00 11.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 Trojan.DnsChange
eSafe 7.0.14.0 11.27.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 Win32/Alureon!generic
Ewido 4.0 11.27.2006 Trojan.Small.fb
Fortinet 2.82.0.0 11.27.2006 PossibleThreat!013622
F-Prot 3.16f 11.24.2006 Possibly a new variant of W32/new-malware!Maximus
F-Prot4 4.2.1.29 11.24.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4905 11.27.2006 no virus found
Microsoft 1.1804 11.27.2006 Win32/Alureon.gen
NOD32v2 1885 11.27.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.27.2006 no virus found
Panda 9.0.0.4 11.27.2006 Trj/dmRandom.DW
Prevx1 V2 11.27.2006 Covert.Sys.Exec
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 no virus found
UNA 1.83 11.27.2006 no virus found
VBA32 3.11.1 11.27.2006 Trojan.DnsChange
VirusBuster 4.3.15:9 11.27.2006 no virus found


Aditional Information
File size: 60990 bytes
MD5: cface2872dfefc07efbe388340382345
SHA1: e1cdeb81efc28335ed33417fc9012fe3c01014bd
packers: PECRYPT

Complete scanning result of "cssvw.exe", received in VirusTotal at 11.27.2006, 20:03:39 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.27.2006 TR/Dldr.Mohbpork.A.104
Authentium 4.93.8 11.24.2006 could be a corrupted executable file
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 PSW.Agent.DIM
BitDefender 7.2 11.27.2006 Trojan.Downloader.Mohbpork.A
CAT-QuickHeal 8.00 11.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 Trojan.DnsChange
eSafe 7.0.14.0 11.27.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 Win32/Alureon!generic
Ewido 4.0 11.27.2006 no virus found
Fortinet 2.82.0.0 11.27.2006 Agent.BC!tr.spy
F-Prot 3.16f 11.24.2006 Possibly a new variant of W32/new-malware!Maximus
F-Prot4 4.2.1.29 11.24.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4905 11.27.2006 Spy-Agent.bc
Microsoft 1.1804 11.27.2006 Win32/Alureon.gen
NOD32v2 1885 11.27.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.27.2006 no virus found
Panda 9.0.0.4 11.27.2006 Trj/Ruins.CX
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 no virus found
UNA 1.83 11.27.2006 no virus found
VBA32 3.11.1 11.27.2006 Trojan.DnsChange
VirusBuster 4.3.15:9 11.27.2006 no virus found


Aditional Information
File size: 51724 bytes
MD5: 3aa7ea66680e4b8a09e93a913df118ae
SHA1: 0fdcf1e13ab36aa4bf942193e3d11f2167d940c9
packers: PECRYPT


Complete scanning result of "dmlaz.exe", received in VirusTotal at 11.27.2006, 20:15:45 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.27.2006 TR/Dldr.DNSChanger.Gen
Authentium 4.93.8 11.24.2006 could be a corrupted executable file
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 no virus found
BitDefender 7.2 11.27.2006 no virus found
CAT-QuickHeal 8.00 11.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 Trojan.DnsChange
eSafe 7.0.14.0 11.27.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 Win32/Alureon!generic
Ewido 4.0 11.27.2006 Trojan.Small.fb
Fortinet 2.82.0.0 11.27.2006 PossibleThreat!013622
F-Prot 3.16f 11.24.2006 Possibly a new variant of W32/new-malware!Maximus
F-Prot4 4.2.1.29 11.27.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4905 11.27.2006 no virus found
Microsoft 1.1804 11.27.2006 Win32/Alureon.gen
NOD32v2 1885 11.27.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.27.2006 no virus found
Panda 9.0.0.4 11.27.2006 Trj/dmRandom.DW
Prevx1 V2 11.27.2006 Covert.Sys.Exec
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 no virus found
UNA 1.83 11.27.2006 no virus found
VBA32 3.11.1 11.27.2006 Trojan.DnsChange
VirusBuster 4.3.15:9 11.27.2006 no virus found


Aditional Information
File size: 60990 bytes
MD5: cface2872dfefc07efbe388340382345
SHA1: e1cdeb81efc28335ed33417fc9012fe3c01014bd
packers: PECRYPT


Complete scanning result of "dmepf.exe", received in VirusTotal at 11.27.2006, 20:20:37 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.27.2006 TR/Dldr.DNSChanger.Gen
Authentium 4.93.8 11.24.2006 could be a corrupted executable file
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 no virus found
BitDefender 7.2 11.27.2006 no virus found
CAT-QuickHeal 8.00 11.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 Trojan.DnsChange
eSafe 7.0.14.0 11.27.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 Win32/Alureon!generic
Ewido 4.0 11.27.2006 Trojan.Small.fb
Fortinet 2.82.0.0 11.27.2006 PossibleThreat!013622
F-Prot 3.16f 11.24.2006 Possibly a new variant of W32/new-malware!Maximus
F-Prot4 4.2.1.29 11.27.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4905 11.27.2006 no virus found
Microsoft 1.1804 11.27.2006 Win32/Alureon.gen
NOD32v2 1885 11.27.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.27.2006 no virus found
Panda 9.0.0.4 11.27.2006 Trj/dmRandom.DW
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 no virus found
UNA 1.83 11.27.2006 no virus found
VBA32 3.11.1 11.27.2006 Trojan.DnsChange
VirusBuster 4.3.15:9 11.27.2006 no virus found


Aditional Information
File size: 60990 bytes
MD5: cface2872dfefc07efbe388340382345
SHA1: e1cdeb81efc28335ed33417fc9012fe3c01014bd
packers: PECRYPT



Complete scanning result of "dmuyp.exe", received in VirusTotal at 11.27.2006, 20:31:27 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.27.2006 TR/Dldr.DNSChanger.Gen
Authentium 4.93.8 11.24.2006 could be a corrupted executable file
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 no virus found
BitDefender 7.2 11.27.2006 no virus found
CAT-QuickHeal 8.00 11.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 Trojan.DnsChange
eSafe 7.0.14.0 11.27.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 Win32/Alureon!generic
Ewido 4.0 11.27.2006 Trojan.Small.fb
Fortinet 2.82.0.0 11.27.2006 PossibleThreat!013622
F-Prot 3.16f 11.24.2006 Possibly a new variant of W32/new-malware!Maximus
F-Prot4 4.2.1.29 11.27.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4905 11.27.2006 no virus found
Microsoft 1.1804 11.27.2006 Win32/Alureon.gen
NOD32v2 1885 11.27.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.27.2006 no virus found
Panda 9.0.0.4 11.27.2006 Trj/dmRandom.DW
Prevx1 V2 11.27.2006 Covert.Sys.Exec
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 no virus found
UNA 1.83 11.27.2006 no virus found
VBA32 3.11.1 11.27.2006 Trojan.DnsChange
VirusBuster 4.3.15:9 11.27.2006 no virus found


Aditional Information
File size: 60990 bytes
MD5: cface2872dfefc07efbe388340382345
SHA1: e1cdeb81efc28335ed33417fc9012fe3c01014bd
packers: PECRYPT


Post by fredik » 27 Nov 2006 23:35

So delete all the files you tested (marked in red):
C:\WINDOWS\SYSTEM32\DMWOF.EXE
C:\WINDOWS\SYSTEM32\CSSVW.EXE
C:\WINDOWS\SYSTEM32\DMLAZ.EXE
C:\WINDOWS\SYSTEM32\DMEPF.EXE
C:\WINDOWS\SYSTEM32\DMUYP.EXE

Fix these in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CCS\Services\Tcpip\..\{611B2589-05E8-4B2A-AC83-146BA1A22C52}: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7A4AF-AFE9-4A51-9E52-5D5421F573F2}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{803E40A5-9089-40BF-A84F-679D7031341E}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61

Restart the PC, make a new HJT log and post it here.
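
The two checks applied by eye to the logs in this thread (Run entries whose target matches Fixwareout's cs/dm/jb name search, and O17 NameServer values the machine is not expected to use), as an added Python example that is not part of the original posts. The sample lines are excerpted from the 13:52:51 log above; the expected-resolver network `192.168.1.0/24` is a constructed placeholder, since the thread does not say which resolvers are legitimate for this machine.

```python
import ipaddress
import re

# Excerpt of lines from the 13:52:51 HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dmuyp.exe] C:\WINDOWS\system32\dmuyp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7A4AF-AFE9-4A51-9E52-5D5421F573F2}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.61
"""

# O4 registry autorun line: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$",
    re.MULTILINE,
)
# O17 DNS line: "O17 - <registry key>: NameServer = a.b.c.d[, ]e.f.g.h"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.*)$", re.MULTILINE)
# Fixwareout's "five digit cs, dm and jb files" search, read here as five-letter
# .exe names in system32 starting with cs, dm or jb (as in the files it listed).
NAME_RE = re.compile(r"\\system32\\((?:cs|dm|jb)[a-z]{3}\.exe)\b", re.IGNORECASE)


def matches_fixwareout_name(path):
    """Return the lower-cased file name if the path fits the name search, else None.

    A match is a reason to submit the file for scanning, not a verdict:
    legitimate files such as csrss.exe fit the same pattern.
    """
    m = NAME_RE.search(path)
    return m.group(1).lower() if m else None


def suspect_run_entries(log):
    """List (hive, value name, file name) for Run entries that fit the name search."""
    hits = []
    for m in O4_RE.finditer(log):
        name = matches_fixwareout_name(m.group("cmd"))
        if name:
            hits.append((m.group("hive"), m.group("name"), name))
    return hits


def parse_nameservers(log):
    """Return [(registry key, [address, ...])]; values may be comma or space separated."""
    out = []
    for m in O17_RE.finditer(log):
        tokens = [t for t in re.split(r"[,\s]+", m.group("value").strip()) if t]
        out.append((m.group("key"), tokens))
    return out


def unexpected_resolvers(log, expected_networks):
    """Map each NameServer value outside expected_networks to the keys that set it.

    Tokens that are not valid IP addresses are reported too, so a malformed
    value is never silently accepted.
    """
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = {}
    for key, tokens in parse_nameservers(log):
        for tok in tokens:
            try:
                ok = any(ipaddress.ip_address(tok) in n for n in nets)
            except ValueError:
                ok = False
            if not ok:
                findings.setdefault(tok, []).append(key)
    return findings


if __name__ == "__main__":
    expected = ["192.168.1.0/24"]  # constructed placeholder, not from the thread
    for hive, value, name in suspect_run_entries(SAMPLE_LOG):
        print(f"submit for scanning: {name} (autorun {hive} Run value [{value}])")
    for addr, keys in unexpected_resolvers(SAMPLE_LOG, expected).items():
        print(f"unexpected resolver {addr} set in {len(keys)} key(s)")
```

Checking every control set and interface key matters here: the thread's logs show the same two addresses written under CCS, CS2, CS3 and the per-interface keys, so fixing only one of them leaves the setting in place.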


Post by fredy » 28 Nov 2006 19:37

So I did everything and I'm sending the log.

Logfile of HijackThis v1.99.1
Scan saved at 19:30:43, on 28.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\PC\Dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

mijaja
Article author
Level 6.5
Posts: 4136
Registered: September 05
Location: Zlín
Gender: Male
Status:
Offline

Post by mijaja » 28 Nov 2006 20:22

Fix this line:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>

and then delete it in the registry

fredy
newbie
Posts: 43
Registered: February 06
Location: Děčín
Gender: Not specified
Status:
Offline

Post by fredy » 28 Nov 2006 21:34

Thanks a lot, so far it looks good. Fredy !!!!!!!

