V sys.tray se mi objevila ikona s otazníkem,který se mění na červený nebo modrý.V bublině se objeví system alert a po klepnutí to odkáže na domovskou stránku Antivermis. Projel jsem komp programem SmitfraudFix ,ale oběvuje se to tam pořád.Co s tím? Prosím o kontrolu logu
Logfile of HijackThis v1.99.1
Scan saved at 20:32:41, on 17.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\petr\Plocha\Antiviry\hijackthis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {C75C8E7E-5059-4469-AC11-D7544B260382} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[/b]
antivermins-jak na něj?? (vyřešeno)
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Jen se zeptám jestli si zkusil provést ve SmitfraudFixu update?
Máš tam dva antispyware (Spy Sweeper a Spyware Doctor) tak si nech jen jeden.
Bylo by dobré se zbavit toho Megaupload Toolbar může být potencionálně nebezpečný.
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - Default URLSearchHook is missing
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {C75C8E7E-5059-4469-AC11-D7544B260382} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
po zaškrtnutí klikni na FixChecked
Zkus otestovat tento soubor na VirusTotall
C:\WINDOWS\OETRN.EXE
Jinak můžeš vyzkoušet to odstranit podle tohoto návodu: How-to remove AntiVermins
Také by se celkem hodil upravený log z Mwav
Bylo by také dobré si pak doinstalovat nějaký firewall, ten co je součástí Windows není dostačující.
Máš tam dva antispyware (Spy Sweeper a Spyware Doctor) tak si nech jen jeden.
Bylo by dobré se zbavit toho Megaupload Toolbar může být potencionálně nebezpečný.
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - Default URLSearchHook is missing
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {C75C8E7E-5059-4469-AC11-D7544B260382} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
po zaškrtnutí klikni na FixChecked
Zkus otestovat tento soubor na VirusTotall
C:\WINDOWS\OETRN.EXE
Jinak můžeš vyzkoušet to odstranit podle tohoto návodu: How-to remove AntiVermins
Také by se celkem hodil upravený log z Mwav
Bylo by také dobré si pak doinstalovat nějaký firewall, ten co je součástí Windows není dostačující.
Na ten šmejd nic z toho nezabralo.Ale nasměroval jsi mě správně.Na stránce http://www.bleepingcomputer.com/forums/topic69886.html je návod na ruční odebrání.Mě stačilo pouze přejmenovat soubor hjpprpu.dll na hjpprpu.dll.bad a byl pokoj (zatím).
Soubor OETRN.exe je čistej tady je výpis
STATUS: FINISHEDComplete scanning result of "OETRN.EXE", received in VirusTotal at 12.18.2006, 07:53:50 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.17.2006 no virus found
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.17.2006 no virus found
DrWeb 4.33 12.18.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.17.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.26 12.18.2006 no virus found
Kaspersky 4.0.2.24 12.18.2006 no virus found
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.17.2006 no virus found
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.17.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.133 12.16.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 no virus found
VirusBuster 4.3.19:9 12.17.2006 no virus found
Aditional Information
File size: 26624 bytes
MD5: 0bc8288dea0bffc6dc38667d8d4f8959
SHA1: b7670768f708c4b9f649497fe2851e400f61ca12
Nový log z hgijack
Logfile of HijackThis v1.99.1
Scan saved at 12:57:42, on 18.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\petr\Plocha\Antiviry\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
a upravený log z MWAV.Ten mě zděsil.Hold dětičky se činí.Šmejdy co schází do počtu jsem smazal.Byly v archivech.Co ale s těma co zbyly?
C:\Documents and Settings\All Users\Data aplikací\webroot\spy sweeper\install.dat
Mon Dec 18 10:20:17 2006 => System found infected with zlob Trojan-Downloader (install.dat)! Action taken: No Action Taken.
Mon Dec 18 10:37:03 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 10:38:43 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:06:41 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP25\A0007078.exe infected by "Trojan-Downloader.Win32.INService.gen" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:16:18 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP67\A0014596.dll infected by "Trojan-Downloader.Win32.Small.dzp" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:17:00 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP70\A0018405.exe infected by "Backdoor.Win32.Beastdoor.av" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:17:00 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP70\A0018406.exe infected by "Trojan-Spy.Win32.Agent.ph" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:17:01 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP70\A0018408.scr infected by "Trojan-Dropper.Win32.MultiJoiner.16" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:19:59 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP81\A0025896.exe infected by "Trojan-Spy.Win32.Agent.ph" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:34:28 2006 => Total Objects Scanned: 117600
Mon Dec 18 11:34:28 2006 => Total Critical Objects: 37
Mon Dec 18 11:34:28 2006 => Total Disinfected Objects: 0
Mon Dec 18 11:34:28 2006 => Total Objects Renamed: 0
Mon Dec 18 11:34:28 2006 => Total Deleted Objects: 0
Mon Dec 18 11:34:28 2006 => Total Errors: 570
Mon Dec 18 11:34:28 2006 => Time Elapsed: 01:17:14
Mon Dec 18 11:34:28 2006 => Virus Database Date: 12/18/2006
Mon Dec 18 11:34:28 2006 => Virus Database Count: 251626
Proč na ně nereaguje antivir?
Soubor OETRN.exe je čistej tady je výpis
STATUS: FINISHEDComplete scanning result of "OETRN.EXE", received in VirusTotal at 12.18.2006, 07:53:50 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.17.2006 no virus found
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.17.2006 no virus found
DrWeb 4.33 12.18.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.17.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.26 12.18.2006 no virus found
Kaspersky 4.0.2.24 12.18.2006 no virus found
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.17.2006 no virus found
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.17.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.133 12.16.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 no virus found
VirusBuster 4.3.19:9 12.17.2006 no virus found
Aditional Information
File size: 26624 bytes
MD5: 0bc8288dea0bffc6dc38667d8d4f8959
SHA1: b7670768f708c4b9f649497fe2851e400f61ca12
Nový log z hgijack
Logfile of HijackThis v1.99.1
Scan saved at 12:57:42, on 18.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\petr\Plocha\Antiviry\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
a upravený log z MWAV.Ten mě zděsil.Hold dětičky se činí.Šmejdy co schází do počtu jsem smazal.Byly v archivech.Co ale s těma co zbyly?
C:\Documents and Settings\All Users\Data aplikací\webroot\spy sweeper\install.dat
Mon Dec 18 10:20:17 2006 => System found infected with zlob Trojan-Downloader (install.dat)! Action taken: No Action Taken.
Mon Dec 18 10:37:03 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 10:38:43 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:06:41 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP25\A0007078.exe infected by "Trojan-Downloader.Win32.INService.gen" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:16:18 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP67\A0014596.dll infected by "Trojan-Downloader.Win32.Small.dzp" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:17:00 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP70\A0018405.exe infected by "Backdoor.Win32.Beastdoor.av" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:17:00 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP70\A0018406.exe infected by "Trojan-Spy.Win32.Agent.ph" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:17:01 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP70\A0018408.scr infected by "Trojan-Dropper.Win32.MultiJoiner.16" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:19:59 2006 => File C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP81\A0025896.exe infected by "Trojan-Spy.Win32.Agent.ph" Virus! Action Taken: No Action Taken.
Mon Dec 18 11:34:28 2006 => Total Objects Scanned: 117600
Mon Dec 18 11:34:28 2006 => Total Critical Objects: 37
Mon Dec 18 11:34:28 2006 => Total Disinfected Objects: 0
Mon Dec 18 11:34:28 2006 => Total Objects Renamed: 0
Mon Dec 18 11:34:28 2006 => Total Deleted Objects: 0
Mon Dec 18 11:34:28 2006 => Total Errors: 570
Mon Dec 18 11:34:28 2006 => Time Elapsed: 01:17:14
Mon Dec 18 11:34:28 2006 => Virus Database Date: 12/18/2006
Mon Dec 18 11:34:28 2006 => Virus Database Count: 251626
Proč na ně nereaguje antivir?
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Stáhni si CCleaner a pročisti jím Pc (Čistič a Problémy).
Vypni obnovu systému (tak se zbavíš infekce která je zde: C:\System Volume Information\_restore), pak restartuj Pc až najedeš zpátky do windows tak ji můžeš zapnout zpět.
Pak udělej nový log z Mwav a dej ho sem uvidíme co tam zbylo. Na log z HJT se ti pak mrknu zároveň s novým logem z Mwav.
Vypni obnovu systému (tak se zbavíš infekce která je zde: C:\System Volume Information\_restore), pak restartuj Pc až najedeš zpátky do windows tak ji můžeš zapnout zpět.
Pak udělej nový log z Mwav a dej ho sem uvidíme co tam zbylo. Na log z HJT se ti pak mrknu zároveň s novým logem z Mwav.
Zabralo to!! V logu mwav po vyrušení Smitfrauda zbylo tohle
Mon Dec 18 15:49:06 2006 => System found infected with smitfraud Browser Hijacker (mp3.url)! Action taken: No Action Taken.
Mon Dec 18 16:06:09 2006 => Scanning File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm
Mon Dec 18 16:06:09 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 16:08:04 2006 => Scanning File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm
Mon Dec 18 16:08:04 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 16:48:36 2006 => Total Objects Scanned: 102361
Mon Dec 18 16:48:36 2006 => Total Critical Objects: 13
Mon Dec 18 16:48:36 2006 => Total Disinfected Objects: 0
Mon Dec 18 16:48:36 2006 => Total Objects Renamed: 0
Mon Dec 18 16:48:36 2006 => Total Deleted Objects: 0
Mon Dec 18 16:48:36 2006 => Total Errors: 171
Mon Dec 18 16:48:36 2006 => Time Elapsed: 01:02:39
Mon Dec 18 16:48:36 2006 => Virus Database Date: 12/16/2006
Mon Dec 18 16:48:36 2006 => Virus Database Count: 251300
Mon Dec 18 16:48:36 2006 => Scan Completed.
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 17:16:59, on 18.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\petr\Plocha\Antiviry\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Mon Dec 18 15:49:06 2006 => System found infected with smitfraud Browser Hijacker (mp3.url)! Action taken: No Action Taken.
Mon Dec 18 16:06:09 2006 => Scanning File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm
Mon Dec 18 16:06:09 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 16:08:04 2006 => Scanning File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm
Mon Dec 18 16:08:04 2006 => File C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
Mon Dec 18 16:48:36 2006 => Total Objects Scanned: 102361
Mon Dec 18 16:48:36 2006 => Total Critical Objects: 13
Mon Dec 18 16:48:36 2006 => Total Disinfected Objects: 0
Mon Dec 18 16:48:36 2006 => Total Objects Renamed: 0
Mon Dec 18 16:48:36 2006 => Total Deleted Objects: 0
Mon Dec 18 16:48:36 2006 => Total Errors: 171
Mon Dec 18 16:48:36 2006 => Time Elapsed: 01:02:39
Mon Dec 18 16:48:36 2006 => Virus Database Date: 12/16/2006
Mon Dec 18 16:48:36 2006 => Virus Database Count: 251300
Mon Dec 18 16:48:36 2006 => Scan Completed.
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 17:16:59, on 18.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\petr\Plocha\Antiviry\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{386DBF95-BA2E-4432-B8BC-3D3111FE31B5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Zkus pc ještě jednou projet SmitFraudFix-em. Pokud ho už nemáš tak si ho znovu stáhni: SmitFraudFix (bylo přidáno odstranění pár klíčů z registru a souborů co si vytvořil AntiVermins)
Spustíš SmitFraudFix - objeví se modrá obrazovka aplikace a stiskneš volbu 4. Proběhne update programu (po updatu bys měl mít verzi 2.131).
Po té opět na obrazovce s menu stiskni volubu 2. Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.
Log z HJT by měl být už v pořádku. Jen ještě v Mwav něco detekuje a nedal jsi sem všechno co našel tak to zkusíme jinak. Spusť znovu Mwav. Na úvodní obrazovce klikni na tlačítko Clear Log tím smažeš případné staré logy. Pak spusť Scan. Po proběhnutí kontroly klikni na tlačítko View log otevře se ti okno s logem ten ulož někam na disk. Pak ho zabal třeba do zipu a dej ho jako přílohu ke svému příspěvku.
Spustíš SmitFraudFix - objeví se modrá obrazovka aplikace a stiskneš volbu 4. Proběhne update programu (po updatu bys měl mít verzi 2.131).
Po té opět na obrazovce s menu stiskni volubu 2. Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.
Log z HJT by měl být už v pořádku. Jen ještě v Mwav něco detekuje a nedal jsi sem všechno co našel tak to zkusíme jinak. Spusť znovu Mwav. Na úvodní obrazovce klikni na tlačítko Clear Log tím smažeš případné staré logy. Pak spusť Scan. Po proběhnutí kontroly klikni na tlačítko View log otevře se ti okno s logem ten ulož někam na disk. Pak ho zabal třeba do zipu a dej ho jako přílohu ke svému příspěvku.
Tady je výpis z Virus log information.To co je tučně to opravdu nevím co je.(Nestcape na compu nemám)Výpis z MWAV nejde poslat,je větší než je povoleno.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents andSettings\petr\Plocha\Antiviry\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.File
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix.rar tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""D:\data\cdw32.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "D:\data\cdw32.exe". Action Taken: No Action Taken.
File
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix.rar tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
File
C:\Program Files\DAEMON Tools\SetupDTSB.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP1\A0000172.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents andSettings\petr\Plocha\Antiviry\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.File
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix.rar tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""D:\data\cdw32.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "D:\data\cdw32.exe". Action Taken: No Action Taken.
File
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix.rar tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\E7CRWN6H\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
C:\Documents and Settings\Verèa.PT\Local Settings\Temporary Internet Files\Content.IE5\UTOJQTE5\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus! Action Taken: No Action Taken.
File
C:\Program Files\DAEMON Tools\SetupDTSB.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
C:\System Volume Information\_restore{D58E0C29-4856-4297-AA34-8AD5FBE5B92F}\RP1\A0000172.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Mrmla píše:Výpis z MWAV nejde poslat,je větší než je povoleno.
Výpis z MWavu musíš upravit podle tohoto návodu.
Největší životní moudro je,vědět na koho se VYSRAT a před kým POSRAT .
_______________________________________
Když píšu bez diakritiky ta je to z:
G1 Android.Root. rom Canyogen 3.6.2 Theme HTC Hero 1.4.0; SonyEricsson XperiaX10; HTC Wilfire
_______________________________________
Když píšu bez diakritiky ta je to z:
G1 Android.Root. rom Canyogen 3.6.2 Theme HTC Hero 1.4.0; SonyEricsson XperiaX10; HTC Wilfire
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
To je chybný záznam v registrech s tím moc nenaděláš.
Tady tyto položky patří k Smitfraudfix
Vymaž tento soubor označený červeně: C:\Program Files\DAEMON Tools\SetupDTSB.exe
Když to nejde sem vložit tak můžeš mi poslat log na mejla (zabal ho třeba do zipu) poslal sem ti ho přes SZ.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""D:\data\cdw32.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "D:\data\cdw32.exe". Action Taken: No Action Taken.
Tady tyto položky patří k Smitfraudfix
->když vymažeš Smitfraudfix na ploše tak ve výpisu nebudou figurovat.C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents andSettings\petr\Plocha\Antiviry\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.File
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix.rar tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\Antiviry\SmitfraudFix.rar tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
C:\Documents and Settings\petr\Plocha\SmitfraudFix.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Vymaž tento soubor označený červeně: C:\Program Files\DAEMON Tools\SetupDTSB.exe
Když to nejde sem vložit tak můžeš mi poslat log na mejla (zabal ho třeba do zipu) poslal sem ti ho přes SZ.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 7 hostů