Sviňa Trojan - prosím pomozte | 10.09.2008 0:05:23 | |||||||||||||||||||
Jirka | ||||||||||||||||||||
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:01: VIRUS ALERT!, on 10.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Everyday Auto Backup\AutoBackup.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\PopTray-Květenský\PopTray.exe C:\WINDOWS\explorer.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiscali.cz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.250:8080/default/login.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL O4 - HKLM\..\Run: [SysGuard] "C:\Program Files\SysGuard\sysguard.exe" /l O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Everyday Auto Backup] C:\Program Files\Everyday Auto Backup\AutoBackup.exe /1 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program File | ||||||||||||||||||||
odpovědět | ||||||||||||||||||||
RE: Sviňa Trojan - prosím pomozte | 10.09.2008 9:27:29 | |||||||||||||||||||
Raptor | http://raptor.cestiny.cz | |||||||||||||||||||
Virus Alert, co? Ani nepotrebuju videt zbytek logu :-) Stahnout Combofix, ulozit na plochu, spustit, nechat bezet (bude asi i restart), potom vzit log a poslat emailem spolecne s hijackthis logem. | ||||||||||||||||||||
odpovědět | ||||||||||||||||||||