W32 Looksky (nebo jak se to pise ;) )
Napsal: 04 zář 2007 20:15
zdarec mam problem nikde sem chytil tendle wir
----
odstranil sem ho pres hijackthis a dal pokoj ted se mi objevil znova a to sem na netu nebyl znova odstranim ten jeho RO .. ta ho treba za 2 minuty je tam znova
muj jack
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\PROGRA~2\Grisoft\AVG7\avgfwsrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\WF2K.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
D:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\SUCHAC~1.MIL\LOCALS~1\Temp\Rar$EX21.219\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinFoxV2] D:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe D:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = D:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Reg.lnk = ?
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA43BD1-BEC5-4277-8FE6-7B28EB1F3959}: NameServer = 217.11.224.1,217.11.224.2
O20 - Winlogon Notify: avgwlntf - D:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: msmhost - {B549D6A8-F7BB-4402-AA67-9D7F8DA09D49} - D:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {273B0544-326D-49B3-B447-97BA80A739D9} - D:\WINDOWS\msmdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
to R0 - .... vzdycky mazu
jak se toho zbavit ?
----
odstranil sem ho pres hijackthis a dal pokoj ted se mi objevil znova a to sem na netu nebyl znova odstranim ten jeho RO .. ta ho treba za 2 minuty je tam znova
muj jack
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\PROGRA~2\Grisoft\AVG7\avgfwsrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\WF2K.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
D:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\SUCHAC~1.MIL\LOCALS~1\Temp\Rar$EX21.219\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinFoxV2] D:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe D:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = D:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Reg.lnk = ?
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA43BD1-BEC5-4277-8FE6-7B28EB1F3959}: NameServer = 217.11.224.1,217.11.224.2
O20 - Winlogon Notify: avgwlntf - D:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: msmhost - {B549D6A8-F7BB-4402-AA67-9D7F8DA09D49} - D:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {273B0544-326D-49B3-B447-97BA80A739D9} - D:\WINDOWS\msmdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
to R0 - .... vzdycky mazu
jak se toho zbavit ?