Operating system keeps crashing (solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by lucie.kv » 15 Sep 2006 01:13

Hello, I would really appreciate your help. A week ago my operating system suddenly started crashing on its own. Every time it boots back up, a message appears saying that winlogon.exe has encountered an error and must close. The problem occurs when I am on the internet. At first the system restarted itself after about an hour of browsing, but it is getting worse. Now the system crashes even after ten minutes. I am desperate and have no idea what to do about it. Antivirus and anti-spyware programs report the status as OK. I am sending you the HiJackThis log and thank you in advance for your help. Lucie

Logfile of HijackThis v1.99.1
Scan saved at 1:07:37, on 15.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\uživatel\Dokumenty\instalačky\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2CC1F27E-9D52-7F02-7CDE-B6567A968820} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {802856D9-CC98-4529-9971-58C92BA7342d} - C:\WINDOWS\system32\fvxxfmof.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\geebb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7829822015
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F379C159-06F8-4D8B-B5FD-0FCAE7D52329}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yhuptsfb - C:\WINDOWS\SYSTEM32\yhuptsfb.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Post by fredik » 15 Sep 2006 08:12

Follow the Vundo, Virtumonde guide and, after applying it, post a new HJT log.

Post by lucie.kv » 15 Sep 2006 20:28

Thanks for the advice. I did everything according to the instructions; here is the HJT log. The problem is not solved yet: after 30 minutes on the internet a blue screen appeared again, followed by a spontaneous restart of the PC.

Logfile of HijackThis v1.99.1
Scan saved at 20:15:53, on 15.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\uživatel\Dokumenty\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2CC1F27E-9D52-7F02-7CDE-B6567A968820} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {802856D9-CC98-4529-9971-58C92BA7342d} - C:\WINDOWS\system32\fvxxfmof.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7829822015
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F379C159-06F8-4D8B-B5FD-0FCAE7D52329}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yhuptsfb - C:\WINDOWS\SYSTEM32\yhuptsfb.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Post by Baron Prášil » 15 Sep 2006 20:53

Fix these:

O2 - BHO: (no name) - {2CC1F27E-9D52-7F02-7CDE-B6567A968820} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

Find this on the disk and delete it:
O20 - Winlogon Notify: yhuptsfb - C:\WINDOWS\SYSTEM32\yhuptsfb.dll
You may need to use KillBox for that.

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Here is the guide:

http://mikrom.bloguje.cz/180593comment.php

Install a firewall!!

Post by lucie.kv » 15 Sep 2006 22:05

So I fixed those entries and deleted the file with KillBox, but there is still one infected file in the WINDOWS directory. Only after I deleted yhuptsfb.dll did NOD report that the file located at C:\WINDOWS\system32\yhuptsfb(3).dll is also infected with the virus Win32/TrojanProxy.Agent.JZ. It cannot be moved to quarantine, I have not dared to delete it yet, and NOD cannot clean it.

Post by Baron Prášil » 15 Sep 2006 22:53

Definitely delete it.
And one more log, please.

Post by fredik » 15 Sep 2006 22:54

Try scanning the PC with the MWAV program and post its log here according to the guide. Also try testing the file you mentioned on VirusTotal and post the result here. Then post a current HJT log here.

If you have not installed a firewall yet, you can pick one here in the firewall section:

Post by lucie.kv » 16 Sep 2006 00:01

I deleted the second infected file too. I am sending both the VirusTotal result and the HJT log. I will definitely install a firewall, and over the weekend I will scan the PC with MWAV and post its result here.

VirusTotal result:
STATUS: FINISHED
Complete scanning result of "yhuptsfb_3_.dll", received in VirusTotal at 09.15.2006, 23:31:21 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.16 09.15.2006 no virus found
Authentium 4.93.8 09.15.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.15.2006 no virus found
BitDefender 7.2 09.15.2006 no virus found
CAT-QuickHeal 8.00 09.15.2006 no virus found
ClamAV devel-20060426 09.15.2006 no virus found
eTrust-InoculateIT 23.72.126 09.15.2006 no virus found
eTrust-Vet 30.3.3078 09.15.2006 no virus found
DrWeb 4.33 09.15.2006 no virus found
Ewido 4.0 09.15.2006 no virus found
Fortinet 2.82.0.0 09.15.2006 no virus found
F-Prot 3.16f 09.15.2006 no virus found
F-Prot4 4.2.1.29 09.15.2006 no virus found
Ikarus 0.2.65.0 09.15.2006 no virus found
Kaspersky 4.0.2.24 09.15.2006 no virus found
McAfee 4853 09.15.2006 no virus found
Microsoft 1.1560 09.15.2006 no virus found
NOD32v2 1.1758 09.15.2006 no virus found
Norman 5.80.02 09.15.2006 no virus found
Panda 9.0.0.4 09.15.2006 no virus found
Sophos 4.09.0 09.15.2006 no virus found
Symantec 8.0 09.15.2006 no virus found
TheHacker 5.9.8.212 09.15.2006 no virus found
UNA 1.83 09.15.2006 no virus found
VBA32 3.11.1 09.15.2006 no virus found
VirusBuster 4.3.7:9 09.15.2006 no virus found


Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709


HJT result:
Logfile of HijackThis v1.99.1
Scan saved at 23:48:09, on 15.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\Documents and Settings\uživatel\Dokumenty\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {802856D9-CC98-4529-9971-58C92BA7342d} - C:\WINDOWS\system32\fvxxfmof.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7829822015
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F379C159-06F8-4D8B-B5FD-0FCAE7D52329}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yhuptsfb - yhuptsfb.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
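Two checks worth automating for a thread like this, written here as an added Python example (not code from the forum, HijackThis or VirusTotal): flagging the HJT entries the helpers above singled out by hand (O20 Winlogon Notify DLLs that are not known, O2 BHOs with no name or no file, O15 Trusted Zone additions), and noticing that the VirusTotal report above describes a 0-byte upload, since its MD5 and SHA1 are the hashes of empty input, so its "no virus found" verdicts say nothing about the DLL that NOD32 flagged. The sample lines are copied from the logs in this thread; the allowlist of known Winlogon Notify DLLs is an assumption.

```python
"""Added triage helpers for a HijackThis log and a pasted VirusTotal report.
Illustration only: not code from the forum thread, HijackThis or VirusTotal.
The sample text is copied from the logs posted in the thread; the allowlist
of known Winlogon Notify DLLs is an assumption made for this example."""
import hashlib
import re

# Constructed sample: representative lines from the HJT logs posted above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2CC1F27E-9D52-7F02-7CDE-B6567A968820} - (no file)
O2 - BHO: (no name) - {802856D9-CC98-4529-9971-58C92BA7342d} - C:\WINDOWS\system32\fvxxfmof.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yhuptsfb - yhuptsfb.dll (file missing)
""".strip()

# Constructed sample: the tail of the VirusTotal report posted above.
SAMPLE_VT_REPORT = """Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

# Assumed allowlist. HijackThis 1.99 hides the stock Microsoft notify packages,
# so WgaLogon.dll (Windows Genuine Advantage notifications) is the only benign
# Winlogon Notify DLL that shows up in the logs above.
KNOWN_WINLOGON_NOTIFY_DLLS = {"wgalogon.dll"}

HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Hashes of zero bytes of input; a report carrying them was computed on an empty file.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()


def triage_hjt(log_text):
    """Return the HJT lines to look at first, each with the reason it was flagged.

    Encodes the three calls the helpers in the thread made by hand: O20 entries
    (DLLs that winlogon.exe loads, which is where this machine was crashing),
    O2 BHOs with no name or no file, and O15 Trusted Zone additions.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, kind, rest = m.groups()
        reason = None
        if section == "O20" and kind == "Winlogon Notify":
            _name, _, target = rest.partition(" - ")
            path = target.replace("(file missing)", "").strip()
            dll = path.rsplit("\\", 1)[-1].lower()
            if "(file missing)" in target:
                reason = "orphaned Winlogon Notify registration (DLL no longer on disk)"
            elif dll not in KNOWN_WINLOGON_NOTIFY_DLLS:
                reason = "unknown DLL registered to load inside winlogon.exe"
        elif section == "O2" and kind == "BHO":
            if rest.startswith("(no name)") or rest.endswith("(no file)"):
                reason = "browser helper object with no name or no file on disk"
        elif section == "O15" and kind == "Trusted Zone":
            reason = "site added to the IE Trusted Zone, where content runs with relaxed settings"
        if reason:
            findings.append({"section": section, "reason": reason, "line": line})
    return findings


def virustotal_sample_is_empty(report_text):
    """True when a pasted VirusTotal report describes a zero-byte upload.

    A clean verdict on an empty file says nothing about the DLL that was meant
    to be tested, so such a report must not be used to clear (or condemn) it.
    """
    md5 = re.search(r"MD5:\s*([0-9a-fA-F]{32})", report_text)
    sha1 = re.search(r"SHA1:\s*([0-9a-fA-F]{40})", report_text)
    size = re.search(r"File size:\s*(\d+)\s*bytes", report_text)
    return bool(
        (md5 and md5.group(1).lower() == EMPTY_MD5)
        or (sha1 and sha1.group(1).lower() == EMPTY_SHA1)
        or (size and int(size.group(1)) == 0)
    )


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
    print("VirusTotal sample was empty:", virustotal_sample_is_empty(SAMPLE_VT_REPORT))
```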

Post by Baron Prášil » 16 Sep 2006 11:00

1. Install a firewall.

2. Fix these:

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O20 - Winlogon Notify: yhuptsfb - yhuptsfb.dll (file missing)

Have this one checked at
http://virusscan.jotti.org/

O2 - BHO: (no name) - {802856D9-CC98-4529-9971-58C92BA7342d} - C:\WINDOWS\system32\fvxxfmof.dll
If it turns out to be junk, fix it.

Post by mikel » 16 Sep 2006 13:16

It would also be worth fixing these unnecessary entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

Post by lucie.kv » 17 Sep 2006 19:06

So I fixed everything, including the file under the O2 entry; the check found that it is malware. I must thank you all very, very much, because everything is back in order. I think the spontaneous restarts were caused by the infected file yhuptsfb.dll, because since it was removed the system has not crashed even once. I am sending the MWAV log; I hope I selected the right entries.


Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\admanager controller !!!
Sun Sep 17 09:23:54 2006 => Object "deskad.service Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hsa !!!
Sun Sep 17 09:23:54 2006 => Object "hsa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\navhelper !!!
Sun Sep 17 09:23:54 2006 => Object "navhelper Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\saie !!!
Sun Sep 17 09:23:54 2006 => Object "dyfuca.internet optimizer Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\savenow !!!
Sun Sep 17 09:23:54 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sw !!!
Sun Sep 17 09:23:54 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\tsa !!!
Sun Sep 17 09:23:54 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\tv media !!!
Sun Sep 17 09:23:54 2006 => Object "tvmedia Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\focusinteractive !!!
Sun Sep 17 09:23:54 2006 => Object "mywebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\fun web products !!!
Sun Sep 17 09:23:54 2006 => Object "funweb Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\mywebsearch !!!
Sun Sep 17 09:23:54 2006 => Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\saie !!!
Sun Sep 17 09:23:54 2006 => Object "dyfuca.internet optimizer Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKCU\Software\fun web products !!!
Sun Sep 17 09:23:54 2006 => Object "funweb Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKCU\Software\funwebproducts !!!
Sun Sep 17 09:23:54 2006 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKCU\Software\mywebsearch !!!
Sun Sep 17 09:23:54 2006 => Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sun Sep 17 09:23:54 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Sep 17 09:23:54 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:54 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Sep 17 09:23:54 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:23:56 2006 => Offending file found: C:\m00.exe
Sun Sep 17 09:23:56 2006 => System found infected with zlob Trojan-Downloader (m00.exe)! Action taken: No Action Taken.

Sun Sep 17 09:23:56 2006 => Offending file found: C:\WINDOWS\pcconfig.dat
Sun Sep 17 09:23:56 2006 => System found infected with xrenoder Spyware/Adware (pcconfig.dat)! Action taken: No Action Taken.

Sun Sep 17 09:23:57 2006 => Offending file found: C:\WINDOWS\system32\vp.dat
Sun Sep 17 09:23:57 2006 => System found infected with deskad.service Spyware/Adware (vp.dat)! Action taken: No Action Taken.

Sun Sep 17 09:23:57 2006 => Offending Folder found: C:\Program Files\funwebproducts
Sun Sep 17 09:23:57 2006 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:24:16 2006 => Offending Folder found: C:\Documents and Settings\uživatel\Dokumenty\obrázky\denní složka\1.3\xxyy
Sun Sep 17 09:24:16 2006 => Object "unknown trojan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:24:43 2006 => Offending file found: C:\Documents and Settings\uživatel\Dokumenty\icq lite\292243857\morhun_333356666\ikony\ikony\atomy-karty\games.ico
Sun Sep 17 09:24:43 2006 => System found infected with zlob Trojan-Downloader (games.ico)! Action taken: No Action Taken.

Sun Sep 17 09:24:59 2006 => Offending Folder found: C:\Documents and Settings\uživatel\Dokumenty\Obrázky\denní složka\1.3\xxyy
Sun Sep 17 09:24:59 2006 => Object "unknown trojan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Sep 17 09:25:05 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\yahoo!\hry\poker.url
Sun Sep 17 09:25:05 2006 => System found infected with smitfraud Browser Hijacker (poker.url)! Action taken: No Action Taken.

Sun Sep 17 09:25:06 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\yahoo!\hry\poker.url
Sun Sep 17 09:25:06 2006 => System found infected with smitfraud Browser Hijacker (poker.url)! Action taken: No Action Taken.

Sun Sep 17 09:26:02 2006 => File C:\WINDOWS\system32\lgmkqndk.dll tagged as "not-a-virus:AdWare.Win32.BHO.v". Action Taken: No Action Taken.
Sun Sep 17 09:26:03 2006 => File C:\WINDOWS\system32\geebb.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.gen". Action Taken: No Action Taken.
Sun Sep 17 09:26:55 2006 => File C:\WINDOWS\system32\decade.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.h". Action Taken: No Action Taken.
Sun Sep 17 09:27:27 2006 => Scanning File C:\DOCUME~1\UŽIVATEL\LOCALS~1\Temp\FtpTempF\riskware.avc [**]
Sun Sep 17 09:27:27 2006 => Scanning File C:\DOCUME~1\UŽIVATEL\LOCALS~1\Temp\Spyware.sdb [**]
Sun Sep 17 09:27:27 2006 => Scanning File C:\DOCUME~1\UŽIVATEL\LOCALS~1\Temp\riskware.avc [**]
Sun Sep 17 09:25:37 2006 => File C:\WINDOWS\system32\sunny_37.exe infected by "Trojan-Downloader.Win32.TSUpdate.e" Virus! Action Taken: No Action Taken.

Sun Sep 17 10:00:18 2006 => ***** Scanning complete. *****

Sun Sep 17 10:00:18 2006 => Total Objects Scanned: 30985
Sun Sep 17 10:00:18 2006 => Total Critical Objects: 34
Sun Sep 17 10:00:18 2006 => Total Disinfected Objects: 0
Sun Sep 17 10:00:18 2006 => Total Objects Renamed: 0
Sun Sep 17 10:00:18 2006 => Total Deleted Objects: 0
Sun Sep 17 10:00:18 2006 => Total Errors: 168
Sun Sep 17 10:00:18 2006 => Time Elapsed: 00:10:43
Sun Sep 17 10:00:18 2006 => Virus Database Date: 9/17/2006
Sun Sep 17 10:00:18 2006 => Virus Database Count: 224066

mikel
Level 5
Posts: 2298
Registered: May 05
Location: Karviná
Gender: Male
Status:
Offline

Post by mikel » 17 Sep 2006 21:15

Lord Gates help us! When I saw that, I threw up my little mice in despair. :D

In the registry you need to delete these red items:
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\admanager controller
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hsa
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\navhelper
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\saie
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\savenow
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sw
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\tsa
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\tv media
HKLM\Software\focusinteractive
HKLM\Software\fun web products
HKLM\Software\mywebsearch
HKLM\Software\saie
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
HKCU\Software\fun web products
HKCU\Software\funwebproducts
HKCU\Software\mywebsearch
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com

Then also delete these files or directories:
C:\m00.exe
C:\WINDOWS\pcconfig.dat
C:\WINDOWS\system32\vp.dat
C:\Documents and Settings\uživatel\Dokumenty\obrázky\denní složka\1.3\xxyy
C:\Documents and Settings\uživatel\Dokumenty\icq lite\292243857\morhun_333356666\ikony\ikony\atomy-karty\games.ico
C:\Documents and Settings\All Users\Nabídka Start\Programy\yahoo!\hry\poker.url
C:\WINDOWS\system32\lgmkqndk.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\decade.exe
C:\WINDOWS\system32\sunny_37.exe

Also uninstall in Add or Remove Programs:
funwebproducts

and if the directory C:\Program Files\funwebproducts is still on the disk, delete it.
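The cleanup list above was assembled by hand from the MWAV log that lucie.kv posted: each "Offending Key/file/Folder found" line is paired with the detection line that follows it, the "tagged as" / "infected by" lines stand on their own, and the summary shows that the scanner disinfected nothing (every entry says "No Action Taken"). The following Python script is an added example, not code from the thread or from the MWAV tool: it parses that log format into findings, deduplicates paths case-insensitively (Windows paths are case-insensitive, so the twice-reported xxyy folder becomes one entry) and prints the same three cleanup buckets mikel listed. The sample lines are copied from the log quoted above; the `Finding` class and the function names are my own.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the MWAV log quoted in the thread above,
# including two reports of the same folder that differ only in letter case.
SAMPLE_LOG = r"""
Sun Sep 17 09:23:54 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\savenow !!!
Sun Sep 17 09:23:54 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 17 09:23:54 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sun Sep 17 09:23:54 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 17 09:23:56 2006 => Offending file found: C:\m00.exe
Sun Sep 17 09:23:56 2006 => System found infected with zlob Trojan-Downloader (m00.exe)! Action taken: No Action Taken.
Sun Sep 17 09:23:57 2006 => Offending Folder found: C:\Program Files\funwebproducts
Sun Sep 17 09:23:57 2006 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 17 09:24:16 2006 => Offending Folder found: C:\Documents and Settings\uživatel\Dokumenty\obrázky\denní složka\1.3\xxyy
Sun Sep 17 09:24:16 2006 => Object "unknown trojan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 17 09:24:59 2006 => Offending Folder found: C:\Documents and Settings\uživatel\Dokumenty\Obrázky\denní složka\1.3\xxyy
Sun Sep 17 09:24:59 2006 => Object "unknown trojan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 17 09:26:02 2006 => File C:\WINDOWS\system32\lgmkqndk.dll tagged as "not-a-virus:AdWare.Win32.BHO.v". Action Taken: No Action Taken.
Sun Sep 17 09:27:27 2006 => Scanning File C:\DOCUME~1\UŽIVATEL\LOCALS~1\Temp\riskware.avc [**]
Sun Sep 17 09:25:37 2006 => File C:\WINDOWS\system32\sunny_37.exe infected by "Trojan-Downloader.Win32.TSUpdate.e" Virus! Action Taken: No Action Taken.
Sun Sep 17 10:00:18 2006 => ***** Scanning complete. *****
Sun Sep 17 10:00:18 2006 => Total Objects Scanned: 30985
Sun Sep 17 10:00:18 2006 => Total Critical Objects: 34
Sun Sep 17 10:00:18 2006 => Total Disinfected Objects: 0
"""


@dataclass
class Finding:
    kind: str            # "key", "file" or "folder"
    path: str
    detection: str = ""  # the scanner's name for the threat
    action: str = ""     # what the scanner did about it


# "Offending X found: PATH" (registry keys carry a trailing " !!!", files and folders do not)
OFFENDING_RE = re.compile(r"^.+? => Offending (?P<kind>Key|file|Folder) found: (?P<path>.+?)(?: !!!)?$")
# The detection line that follows an "Offending" line; two phrasings occur in the log.
DETECT_RE = re.compile(
    r'^.+? => (?:Object "(?P<obj>[^"]+)" found in File System!'
    r'|System found infected with (?P<sys>.+?) \([^)]*\)!)'
    r' Action [Tt]aken: (?P<action>.+?)\.?$'
)
# Self-contained "File PATH tagged as/infected by "NAME"" lines.
TAGGED_RE = re.compile(
    r'^.+? => File (?P<path>.+?) (?:tagged as|infected by) "(?P<name>[^"]+)"'
    r'(?: Virus)?[.!] Action [Tt]aken: (?P<action>.+?)\.?$'
)
SUMMARY_RE = re.compile(r"^.+? => Total (?P<field>[A-Za-z ]+?): (?P<value>\d+)$")


def parse_mwav_log(text):
    """Return (findings, summary) for an MWAV log in the format quoted above."""
    findings, summary, pending = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := OFFENDING_RE.match(line):
            pending = Finding(kind=m["kind"].lower(), path=m["path"])
            findings.append(pending)
        elif (m := DETECT_RE.match(line)) and pending is not None:
            pending.detection = m["obj"] or m["sys"]   # attach the name to the preceding finding
            pending.action = m["action"]
            pending = None
        elif m := TAGGED_RE.match(line):
            findings.append(Finding("file", m["path"], m["name"], m["action"]))
        elif m := SUMMARY_RE.match(line):
            summary[m["field"]] = int(m["value"])
    return findings, summary


def cleanup_plan(findings):
    """Group unique paths into the three buckets a manual cleanup list uses."""
    plan = {"registry_keys": [], "files": [], "folders": []}
    bucket_of = {"key": "registry_keys", "file": "files", "folder": "folders"}
    seen = set()
    for f in findings:
        ident = (f.kind, f.path.lower())   # Windows paths and key names are case-insensitive
        if ident not in seen:
            seen.add(ident)
            plan[bucket_of[f.kind]].append(f.path)
    return plan


def untreated(findings):
    """Findings the scanner only reported; these still need manual removal."""
    return [f for f in findings if f.action.lower() == "no action taken"]


if __name__ == "__main__":
    found, totals = parse_mwav_log(SAMPLE_LOG)
    for bucket, paths in cleanup_plan(found).items():
        print(bucket)
        for p in paths:
            print("   ", p)
    print("critical:", totals.get("Critical Objects"), "disinfected:", totals.get("Disinfected Objects"),
          "left untreated:", len(untreated(found)))
```

The script only produces a list; it deliberately deletes nothing, because a scanner's "Spyware/Adware" label on a user's own folder (the xxyy example) deserves a look before anything is removed. Run it on the full log to reproduce the three lists above, or point `parse_mwav_log` at a saved MWAV log file.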

