trojan vir

willy51 · Příspěvek od **willy51** » 10 črc 2009 13:02

Zdravím,
som mierna počítačova lama, takže sa pokúsim svoj problém čo najlepšie vysvetliť:). Včera mi nod32 ohlásil vírus, ktorý sa nedal liečiť, bola dostupná iba možnosť zmazať. Zmazal som. Vtom mi nahlásilo chybu v súbore service.exe, a spustila sa tabuľka s odpočítavaním jednej minúty do ukončenia systému a reštartu počítača. Teraz sa to objavuje po každom zapnutí pc (odpočítavanie), niekedy sa po tej minúte pc vypne, niekedy nie. Prestalo fungovať icq aj mozilla, opera beží s ťažkosťami (tu na fórum sa mi našťastie podarilo dostať). Preto by som potreboval poradiť, čo ďalej. Za odpovede dopredu vďaka.

Damned · Příspěvek od **Damned** » 10 črc 2009 14:11

V případě, že se ti zapne odpočítávání dej:

Po začátku odpočítávání dej Start->Spustit a napište "shutdown -a" (bez uvozovek). Odpočítávání přestane. Foneticky: šutdownmezerapomlčkaa.

Z mého podpisu si stáhni prográmek Hijackthis a podle návodu udělej z něho log a vlož ho sem.
Při stahování souboru HijackThis.exe ho přejmenuj. To je: až se ti zobrazí místo pro uložení a název souboru Hijackthis.exe, přejmenuj ho třeba na Tomáš.exe. Tento přejmenovaný soubor poté spusť podle návodu na Hijackthis.

willy51 · Příspěvek od **willy51** » 10 črc 2009 14:45

Dúfam, že som to urobil správne. Tu je log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:40, on 10.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\MEDIAK~1\MagicKey.exe
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\MEDIAK~1\OSD.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ICQ6.5\ICQ.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
H:\Program Files\ICQ6Toolbar\ICQ Service.exe
H:\WINDOWS\runservice.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\WINDOWS\system32\imapi.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
H:\WINDOWS\system32\dwwin.exe
H:\Program Files\Opera\opera.exe
H:\WINDOWS\system32\dumprep.exe
H:\WINDOWS\system32\dwwin.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\system32\dumprep.exe
H:\WINDOWS\system32\dwwin.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource ... =CT1750559" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files\BS_Player\tbBS_1.dll
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\userinit.exe
O1 - Hosts: 38.113.174.32 http://www.google-analytics.com" onclick="window.open(this.href);return false;
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - H:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - H:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [MagicKey] H:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [HDAudDeck] H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [ASUSGamerOSD] H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] H:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://H" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab" onclick="window.open(this.href);return false;
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C04E3C-606D-4C4E-8D6C-3E91063BB482}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - H:\WINDOWS\
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - H:\WINDOWS\

--
End of file - 9337 bytes

Damned · Příspěvek od **Damned** » 10 črc 2009 15:09

Spusť si služby ( Start-->> Nástroje pro správu-->> Služby a zastav službu "Služba inteligentního přenosu na pozadí (BITS)"" a poté ji nastav na ruční spouštění. Viz obrázek.
*****************************************************************************************************************************************
Odinstaluj si:

ICQ6Toolbar
BS_Player (BS_Player Toolbar)
Cole2k Media Toolbar
DAEMON Tools Toolbar
*****************************************************************************************************************************************
Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource" onclick="window.open(this.href);return false; ... =CT1750559
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files\BS_Player\tbBS_1.dll
O1 - Hosts: 38.113.174.32 http://www.google-analytics.com" onclick="window.open(this.href);return false;
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - H:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - H:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
*****************************************************************************************************************************************
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat. Po dokončení vytvoří log a ten mi sem potom vlož.

willy51 · Příspěvek od **willy51** » 10 črc 2009 15:56

Uff nejak nemožem nájsť to "Služba inteligentního přenosu na pozadí". Neviem nájsť "nástroje pro správu". Aj ten log sa medzitým zmenil, keďže som musel reštartovať pc a opať spustiť HiJackThis. Tu je:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:23, on 10.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
H:\WINDOWS\runservice.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\MEDIAK~1\MagicKey.exe
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\MEDIAK~1\OSD.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
H:\Program Files\ICQ6.5\ICQ.exe
H:\Program Files\Opera\opera.exe
H:\Program Files\Trend Micro\vilco\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\userinit.exe
O1 - Hosts: 38.113.174.32 http://www.google-analytics.com" onclick="window.open(this.href);return false;
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MagicKey] H:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [HDAudDeck] H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [ASUSGamerOSD] H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] H:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://H" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab" onclick="window.open(this.href);return false;
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C04E3C-606D-4C4E-8D6C-3E91063BB482}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - H:\WINDOWS\
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - H:\WINDOWS\

--
End of file - 7793 bytes

Damned · Příspěvek od **Damned** » 10 črc 2009 16:10

Start--> pravým klikni do Nabídky, zobrazí se odkaz na Vlastnosti. Klikni na něj, zobrazí se "Vlastnosti Hlavního...." a pak postupuj podle obrázku (červená linka).

Vše potvrď a po zavření. Klikni na Start a v pravé části nabídky budeš mít "Nástroje pro správu" a rozvinovací nabídce "Služby".

willy51 · Příspěvek od **willy51** » 10 črc 2009 16:21

Už som to našiel,ale...pri spustení mi hlási: V počítačí Local Computer nelze spustit službu Služba inteligentního přenosu na pozadí. Medzi obrázkom a mojim oknom je rozdiel v "Cesta ke spustitelnému souboru". U mňa je tam: "%fystemRoot%\system32\svchost.exe -k netsvcs" a nejde to zmeniť.

Taktiež čo s tým novým logom od HJT? Už nemožem zaškrtnúť niektoré políčka, lebo tam nie sú (aktuálny je ten druhý log, čo som vkladal)

PS: Vďaka za trpezlivosť so mnou

Damned · Příspěvek od **Damned** » 10 črc 2009 16:35

Pokud si odinstaloval ty toolbary, už tam nebudou ty O4. Ty host smaže/opraví ComboFix.

Zkus si zde
http://www.edisk.cz/stahni/06710/tools.rar_3.6MB.html" onclick="window.open(this.href);return false;

Rozbal si archív do svého adresáře. Soubory jsou záměrně pojmenované jinak než původní v návodech, tak se nediv.
Zkus pak spustit.
itr - RSIT
buss - DDS
VerTerm= Combofix
spusť VerTerm, a poté sem vlož z něho log.

Návod na Combofix (VerTerm):
ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Můžeš použít také i v nouz. režimu, pokud nepůjde spustit v normálním režimu.

willy51 · Příspěvek od **willy51** » 10 črc 2009 17:15

Log z ComboFix:

ComboFix 09-07-09.08 - Vilo 10.07.2009 16:48.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1369 [GMT 2:00]
Spuštěný z: h:\documents and settings\Vilo\Plocha\tools\tools\VerTerm.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\system32\drivers\c52630dd.sys
h:\windows\system32\lowsec
h:\windows\system32\lowsec\local.ds
h:\windows\system32\lowsec\user.ds

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_c52630dd

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-10 do 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 14:32 . 2009-07-10 14:32 -------- d-----w- H:\rsit
2009-07-10 12:33 . 2009-07-10 13:37 -------- d-----w- h:\program files\Trend Micro
2009-07-09 14:08 . 2009-07-09 14:08 -------- d-----w- h:\program files\ESET
2009-07-09 12:29 . 2009-07-09 12:29 -------- d-----w- h:\program files\GCH Guitar academy
2009-07-09 12:25 . 2009-07-09 12:25 -------- d-----w- h:\program files\GuitarFX 3
2009-07-03 14:47 . 2009-07-03 14:47 -------- d-----w- h:\program files\Microsoft WSE
2009-06-26 13:45 . 2009-06-26 13:45 -------- d-----w- h:\program files\SFERA
2009-06-26 13:45 . 2009-06-26 13:45 332989 ----a-w- h:\windows\system32\Jetix.scr
2009-06-15 16:19 . 2009-06-15 16:19 0 ----a-w- h:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 14:58 . 2009-02-24 10:44 1289 --sha-w- h:\windows\system32\mmf.sys
2009-07-10 13:34 . 2009-04-19 19:39 -------- d-----w- h:\program files\Cole2k Media Toolbar
2009-07-10 13:32 . 2008-10-29 16:08 -------- d-----w- h:\program files\DAEMON Tools Toolbar
2009-07-10 12:50 . 2001-10-25 14:00 69580 ----a-w- h:\windows\system32\perfc005.dat
2009-07-10 12:50 . 2001-10-25 14:00 392568 ----a-w- h:\windows\system32\perfh005.dat
2009-07-03 14:25 . 2008-08-26 09:07 -------- d-----w- h:\program files\Electronic Arts
2009-07-03 14:24 . 2008-07-31 17:26 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-06-21 12:46 . 2008-07-31 17:44 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
2009-05-27 15:40 . 2009-05-27 15:40 -------- d-----w- h:\program files\QIP
2009-05-22 13:25 . 2009-05-22 13:25 -------- d-----w- h:\program files\InTune
2009-05-02 19:51 . 2009-05-02 19:48 80007 ----a-w- h:\windows\War3Unin.dat
2009-05-02 19:51 . 2009-05-02 19:48 2829 ----a-w- h:\windows\War3Unin.pif
2009-05-02 19:51 . 2009-05-02 19:48 139264 ----a-w- h:\windows\War3Unin.exe
2009-04-21 12:02 . 2009-04-21 12:02 48 ---ha-w- h:\windows\system32\ezsidmv.dat
2009-04-14 09:13 . 2009-04-14 09:13 216064 ----a-w- h:\windows\iun3405.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="h:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-31 120320]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"EA Core"="h:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"ICQ"="h:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicKey"="h:\progra~1\MEDIAK~1\MagicKey.exe" [2004-03-15 45056]
"HDAudDeck"="h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-14 29753344]
"ASUSGamerOSD"="h:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"WinampAgent"="h:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"PCSuiteTrayApplication"="h:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Photo Downloader"="h:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"egui"="h:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - h:\windows\system32\nwiz.exe [2007-09-16 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="h:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - h:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - h:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-7-31 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"h:\\WINDOWS\\system32\\PnkBstrA.exe"=
"h:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"h:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"h:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"h:\\hry\\warcraft 3\\Warcraft III\\war3.exe"=
"h:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;h:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;h:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;h:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 LicCtrlService;LicCtrl Service;h:\windows\Runservice.exe [24.2.2009 12:44 2560]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [31.7.2008 19:36 215936]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ASUS SmartDoctor - c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/" onclick="window.open(this.href);return false;%s
IE: &Google Search - h:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - h:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - h:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovať do programu Microsoft Excel - h:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - h:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - h:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: h:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {41C04E3C-606D-4C4E-8D6C-3E91063BB482} = 208.67.222.222,208.67.220.220
FF - ProfilePath - h:\documents and settings\Vilo\Data aplikací\Mozilla\Firefox\Profiles\mbijfjh8.default\
FF - plugin: h:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-07-10 16:58
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:a3,4d,5c,d2,fe,75,65,8b,5a,3b,ad,16,6a,47,58,cb,e7,12,90,e7,19,31,d3,
4e,6a,6c,45,01,9a,bb,9c,94,70,38,3d,f8,02,58,8f,c7,65,6c,33,6e,01,ab,24,e9,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:f2,80,0d,7f,fe,b9,cf,0a,62,bc,95,c6,fe,82,c9,e7,7a,39,50,43,38,08,ae,
25,34,fe,c5,b3,14,04,32,c8
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:a7,d5,9c,a7,24,6a,5a,bc
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:89,8a,74,86,09,98,71,d4,16,e8,e2,9b,1e,d2,90,60,88,3e,e0,61,4a,a1,c5,
59,3f,e9,d9,46,57,4a,8d,d8,50,05,f4,b6,c1,b6,2d,ee,67,48,fe,54,df,a8,d1,7d,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:be,1e,1b,5b,46,ce,bd,af,06,c0,57,de,a3,1c,52,0a,b6,95,00,63,ba,3d,d1,
21,f3,59,b1,30,47,70,f4,7c
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:07,96,b3,35,9e,5a,1a,0b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2636)
h:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
h:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
h:\windows\ATKKBService.exe
h:\windows\system32\rundll32.exe
h:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
h:\windows\system32\nvsvc32.exe
h:\windows\system32\PnkBstrA.exe
h:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
h:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
h:\program files\PC Connectivity Solution\ServiceLayer.exe
h:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
.
**************************************************************************
.
Celkový čas: 2009-07-10 17:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-10 15:04

Před spuštěním: Volných bajtů: 55 839 813 632
Po spuštění: Volných bajtů: 69 533 798 400

211

Damned · Příspěvek od **Damned** » 10 črc 2009 17:42

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Folder::
h:\program files\Cole2k Media Toolbar
h:\program files\DAEMON Tools Toolbar

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

willy51 · Příspěvek od **willy51** » 11 črc 2009 11:52

Ospravedlňujem sa, že až dnes. Počítač sa chová zatiaľ normálne, mozilla naskočila, odpočítavanie minúty už nenastáva.

Log z ComboFix:

ComboFix 09-07-09.08 - Vilo 11.07.2009 11:27.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1571 [GMT 2:00]
Spuštěný z: h:\documents and settings\Vilo\Plocha\VerTerm.exe
Použité ovládací přepínače :: h:\documents and settings\Vilo\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\Cole2k Media Toolbar
h:\program files\DAEMON Tools Toolbar
h:\program files\DAEMON Tools Toolbar\_DTLite.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-11 do 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-10 14:32 . 2009-07-10 14:32 -------- d-----w- H:\rsit
2009-07-10 12:33 . 2009-07-10 13:37 -------- d-----w- h:\program files\Trend Micro
2009-07-09 14:08 . 2009-07-09 14:08 -------- d-----w- h:\program files\ESET
2009-07-09 12:29 . 2009-07-09 12:29 -------- d-----w- h:\program files\GCH Guitar academy
2009-07-09 12:25 . 2009-07-09 12:25 -------- d-----w- h:\program files\GuitarFX 3
2009-07-03 14:47 . 2009-07-03 14:47 -------- d-----w- h:\program files\Microsoft WSE
2009-06-26 13:45 . 2009-06-26 13:45 -------- d-----w- h:\program files\SFERA
2009-06-26 13:45 . 2009-06-26 13:45 332989 ----a-w- h:\windows\system32\Jetix.scr
2009-06-15 16:19 . 2009-06-15 16:19 0 ----a-w- h:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 09:24 . 2001-10-25 14:00 69580 ----a-w- h:\windows\system32\perfc005.dat
2009-07-11 09:24 . 2001-10-25 14:00 392568 ----a-w- h:\windows\system32\perfh005.dat
2009-07-11 09:20 . 2009-02-24 10:44 1289 --sha-w- h:\windows\system32\mmf.sys
2009-07-03 14:25 . 2008-08-26 09:07 -------- d-----w- h:\program files\Electronic Arts
2009-07-03 14:24 . 2008-07-31 17:26 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-06-21 12:46 . 2008-07-31 17:44 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
2009-05-27 15:40 . 2009-05-27 15:40 -------- d-----w- h:\program files\QIP
2009-05-22 13:25 . 2009-05-22 13:25 -------- d-----w- h:\program files\InTune
2009-05-02 19:51 . 2009-05-02 19:48 80007 ----a-w- h:\windows\War3Unin.dat
2009-05-02 19:51 . 2009-05-02 19:48 2829 ----a-w- h:\windows\War3Unin.pif
2009-05-02 19:51 . 2009-05-02 19:48 139264 ----a-w- h:\windows\War3Unin.exe
2009-04-21 12:02 . 2009-04-21 12:02 48 ---ha-w- h:\windows\system32\ezsidmv.dat
2009-04-14 09:13 . 2009-04-14 09:13 216064 ----a-w- h:\windows\iun3405.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_15.00.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 14:00 . 2009-07-10 12:50 59440 h:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2009-07-11 09:24 59440 h:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2009-07-11 09:24 395200 h:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2009-07-10 12:50 395200 h:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="h:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-31 120320]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"EA Core"="h:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"ICQ"="h:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicKey"="h:\progra~1\MEDIAK~1\MagicKey.exe" [2004-03-15 45056]
"HDAudDeck"="h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-14 29753344]
"ASUSGamerOSD"="h:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"WinampAgent"="h:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"PCSuiteTrayApplication"="h:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Photo Downloader"="h:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"egui"="h:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - h:\windows\system32\nwiz.exe [2007-09-16 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="h:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - h:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - h:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-7-31 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"h:\\WINDOWS\\system32\\PnkBstrA.exe"=
"h:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"h:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"h:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"h:\\hry\\warcraft 3\\Warcraft III\\war3.exe"=
"h:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;h:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;h:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;h:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 LicCtrlService;LicCtrl Service;h:\windows\Runservice.exe [24.2.2009 12:44 2560]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [31.7.2008 19:36 215936]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/" onclick="window.open(this.href);return false;%s
IE: &Google Search - h:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - h:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - h:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovať do programu Microsoft Excel - h:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - h:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - h:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: h:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {41C04E3C-606D-4C4E-8D6C-3E91063BB482} = 208.67.222.222,208.67.220.220
FF - ProfilePath - h:\documents and settings\Vilo\Data aplikací\Mozilla\Firefox\Profiles\mbijfjh8.default\
FF - plugin: h:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-07-11 11:35
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:a3,4d,5c,d2,fe,75,65,8b,5a,3b,ad,16,6a,47,58,cb,e7,12,90,e7,19,31,d3,
4e,6a,6c,45,01,9a,bb,9c,94,70,38,3d,f8,02,58,8f,c7,65,6c,33,6e,01,ab,24,e9,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:f2,80,0d,7f,fe,b9,cf,0a,62,bc,95,c6,fe,82,c9,e7,7a,39,50,43,38,08,ae,
25,34,fe,c5,b3,14,04,32,c8
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:a7,d5,9c,a7,24,6a,5a,bc
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:89,8a,74,86,09,98,71,d4,16,e8,e2,9b,1e,d2,90,60,88,3e,e0,61,4a,a1,c5,
59,3f,e9,d9,46,57,4a,8d,d8,50,05,f4,b6,c1,b6,2d,ee,67,48,fe,54,df,a8,d1,7d,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:be,1e,1b,5b,46,ce,bd,af,06,c0,57,de,a3,1c,52,0a,b6,95,00,63,ba,3d,d1,
21,f3,59,b1,30,47,70,f4,7c
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:07,96,b3,35,9e,5a,1a,0b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Celkový čas: 2009-07-11 11:37
ComboFix-quarantined-files.txt 2009-07-11 09:37
ComboFix2.txt 2009-07-10 15:04

Před spuštěním: Volných bajtů: 69 526 904 832
Po spuštění: Volných bajtů: 69 486 358 528

194

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:12, on 11.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
H:\WINDOWS\runservice.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ICQ6.5\ICQ.exe
H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\vilco\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MagicKey] H:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [HDAudDeck] H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [ASUSGamerOSD] H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] H:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://H" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://H" onclick="window.open(this.href);return false;:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab" onclick="window.open(this.href);return false;
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C04E3C-606D-4C4E-8D6C-3E91063BB482}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7163 bytes

Damned · Příspěvek od **Damned** » 11 črc 2009 12:33

Vir ani jiný hovádko tam již nevidím.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Označ topic za vyřešený (zelená fajfka) a měj se.

PC-HELP.CZ

CNEWS

trojan vir

trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir

Re: trojan vir