1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Hijacking my homepage

Discussion in 'Virus & Other Malware Removal' started by petrbosek, Aug 9, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    Hello

    When I start my browser (IE 6.0. If I use Mozilla, it works without problems as usually), I can't see my home page, but there's a web page of http://www.securitynetpage.com/
    Could you help me please.

    Does it mean, I have a virus on my PC, or is that some kind of spyware?? Or should I be afraid, someone could see my passwords??

    Thanks a lot for fast reply.

    Petr Bosek
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    Logfile of HijackThis v1.99.1
    Scan saved at 17:11:28, on 9.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\PDF\pdfSaver\pdfSaver3.exe
    D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
    D:\PROGRA~1\VITALS~1\Net.Medic\Program\syshook.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - D:\Program Files\Media-Codec\isaddon.dll
    O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Bezpecny Internet\SBI.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1601.0\cs-cz\msntb.dll
    O4 - HKLM\..\Run: [SeznamAntidialer] D:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Net.Medic.lnk = D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
    O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
    O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
    O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155131658312
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056423.exe
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - D:\WINDOWS\system32\vwlummc.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

    Thanks for your interest and for a really fast answer...
    Petr
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  5. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    SmitFraudFix v2.81

    Scan done at 17:53:00,85, st 09.08.2006
    Run from D:\Documents and Settings\User\Plocha
    OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    D:\WINDOWS\system32\vwlummc.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\Program Files\Media-Codec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Clickon scanner
    · then select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Select "Automatically generate report after every scan"
    · Un-Select "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  7. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    ---------------------------------------------------------
    ewido anti-spyware - report o výsledku scanování
    ---------------------------------------------------------

    + Vytvořen v: 19:06:01 9.8.2006

    + Výsledek scanování:



    HKU\S-1-5-21-343818398-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Nebyla provedena žádná akce.


    ::Konec reportu

    -------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 19:07:59, on 9.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\PDF\pdfSaver\pdfSaver3.exe
    D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
    D:\PROGRA~1\VITALS~1\Net.Medic\Program\syshook.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\Program Files\ewido anti-spyware 4.0\ewido.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Bezpecny Internet\SBI.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1601.0\cs-cz\msntb.dll
    O4 - HKLM\..\Run: [SeznamAntidialer] D:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Net.Medic.lnk = D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
    O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
    O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
    O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155131658312
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056423.exe
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
     
  8. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    I didn't reboot after the scan by ewido.

    Hang on, I'll send it again...

    Petr
     
  9. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    ---------------------------------------------------------
    ewido anti-spyware - report o výsledku scanování
    ---------------------------------------------------------

    + Vytvořen v: 19:06:01 9.8.2006

    + Výsledek scanování:



    HKU\S-1-5-21-343818398-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Nebyla provedena žádná akce.


    ::Konec reportu



    --------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 19:17:35, on 9.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\ewido anti-spyware 4.0\ewido.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\PDF\pdfSaver\pdfSaver3.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
    D:\PROGRA~1\VITALS~1\Net.Medic\Program\syshook.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Bezpecny Internet\SBI.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1601.0\cs-cz\msntb.dll
    O4 - HKLM\..\Run: [SeznamAntidialer] D:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Net.Medic.lnk = D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
    O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
    O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
    O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155131658312
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056423.exe
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. petrbosek

    petrbosek Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    It's the last problem, I'm worried about...

    Do you think, I should change my password. Or could anybody see passwords saved on my PC during the time, we have had this problem??

    Thanks a lot for your answer and your help.

    Petr
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Obviously I can't read the message - Just keep an eye out, obviously changing the password can't hurt
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Hijacking homepage
  1. PhoenixNEW
    Replies:
    0
    Views:
    238
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/490770

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice