User (registered 07.08.07) wrote on 28.10.2007 17:35 | probably a virus

I probably have some kind of virus: I can't open Task Manager, it keeps putting some antivirus icons on my desktop, and it keeps popping up IE with some page about security and so on.
Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:32:44, on 28. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pocitac\Plocha\net\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Virtual DAEMON Manager] C:\Program Files\DAEMON Tools\daemon.exe
O4 - HKCU\..\Run: [LLE] C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6556494139
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6556482499
O17 - HKLM\System\CCS\Services\Tcpip\..\{568E68B0-140A-415F-8311-029FA6E8EB5E}: NameServer = 10.0.0.2,10.2.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0678DFA-E1C0-42FF-980B-FACCED82145A}: NameServer = 10.0.0.2,10.2.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{568E68B0-140A-415F-8311-029FA6E8EB5E}: NameServer = 10.0.0.2,10.2.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rasplmrt - C:\WINDOWS\system32\rasplmrt.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bxsbang - {CF4F96FA-7050-44D3-BCBA-5EC491619DA1} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {09E203DC-3C0D-4D9F-AF9E-20C83E565BA6} - C:\WINDOWS\ocgrep.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


User (registered 28.01.07) wrote on 28.10.2007 19:17 | probably a virus

Fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: rasplmrt - C:\WINDOWS\system32\rasplmrt.dll (file missing)
O21 - SSODL: bxsbang - {CF4F96FA-7050-44D3-BCBA-5EC491619DA1} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {09E203DC-3C0D-4D9F-AF9E-20C83E565BA6} - C:\WINDOWS\ocgrep.dll


Download Avenger:
http://swandog46.geekstogo.com/avenger.exe

Run – "Input script manually" – magnifying glass – paste the code – "Done" – traffic light – confirm – the PC will restart – post a new log
Code:
Files to delete:
C:\WINDOWS\ocgrep.dll
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\movctrlnkd.dll
C:\WINDOWS\nssfrch.dll



Then please send me the zipped Avenger folder, which will be on drive C, following this guide:

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks


Topic author (registered 07.08.07) wrote on 28.10.2007 20:27 | probably a virus

Here is the new log. While I was doing what you wrote, my background changed to a kind of red one, and when I clicked anywhere on the desktop it threw me onto that page again. When I did what you wrote and restarted, it didn't help at all. It's really pissing me off.

Logfile of HijackThis v1.99.1
Scan saved at 20:25:57, on 28. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pocitac\Plocha\net\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll (file missing)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Virtual DAEMON Manager] C:\Program Files\DAEMON Tools\daemon.exe
O4 - HKCU\..\Run: [LLE] C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6556494139
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6556482499
O17 - HKLM\System\CCS\Services\Tcpip\..\{568E68B0-140A-415F-8311-029FA6E8EB5E}: NameServer = 10.0.0.2,10.2.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0678DFA-E1C0-42FF-980B-FACCED82145A}: NameServer = 10.0.0.2,10.2.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{568E68B0-140A-415F-8311-029FA6E8EB5E}: NameServer = 10.0.0.2,10.2.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ocgrep - {902EFDD0-4A28-4B80-AC54-33BE4B36327D} - C:\WINDOWS\ocgrep.dll (file missing)
O21 - SSODL: bxsbang - {AD1534F6-0000-4EE3-90CB-41BBD540B104} - C:\WINDOWS\bxsbang.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


User (registered 28.03.07) wrote on 28.10.2007 20:38 | probably a virus

http://www.trendsecure.com/portal/en-US ... hijackthis

Make a new log with HijackThis 2. It could be a Vundo infection.


Topic author (registered 07.08.07) wrote on 28.10.2007 20:46 | probably a virus

Here is the log from HJT2.
I hope it helps.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:01, on 28. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [wtxgiwpw] C:\tvmpakws.bat
O4 - HKCU\..\Run: [Virtual DAEMON Manager] C:\Program Files\DAEMON Tools\daemon.exe
O4 - HKCU\..\Run: [LLE] C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6556494139
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6556482499
O17 - HKLM\System\CCS\Services\Tcpip\..\{568E68B0-140A-415F-8311-029FA6E8EB5E}: NameServer = 10.0.0.2,10.2.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0678DFA-E1C0-42FF-980B-FACCED82145A}: NameServer = 10.0.0.2,10.2.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{568E68B0-140A-415F-8311-029FA6E8EB5E}: NameServer = 10.0.0.2,10.2.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bxsbang - {AD1534F6-0000-4EE3-90CB-41BBD540B104} - C:\WINDOWS\bxsbang.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8400 bytes


User (registered 28.03.07) wrote on 28.10.2007 20:54 | probably a virus

Well, Vundo isn't there; my colleague has probably solved it:

Fix this:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O21 - SSODL: bxsbang - {AD1534F6-0000-4EE3-90CB-41BBD540B104} - C:\WINDOWS\bxsbang.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Post the ComboFix log here.

::: Download ComboFix :::

Don't be alarmed during the scan; your computer will be restarted.
After the restart the application creates a log saved in C (or another system drive):/Combofix.txt; paste its contents here.


// Rbot: Since when am I your colleague?


User (registered 28.01.07) wrote on 28.10.2007 21:27 | probably a virus

I'm gone for a moment and there's already total chaos here, copying from other sites...


Fix:

O4 - HKLM\..\Run: [wtxgiwpw] C:\tvmpakws.bat
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O21 - SSODL: bxsbang - {AD1534F6-0000-4EE3-90CB-41BBD540B104} - C:\WINDOWS\bxsbang.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


Into Avenger:
Code:
Files to delete:
C:\tvmpakws.bat


Please send that to me as well. Thanks


Topic author (registered 07.08.07) wrote on 28.10.2007 21:32 | probably a virus

So it looks like it's OK now, thanks for your help, but this happened: the name labels under the icons on my desktop are suddenly no longer transparent.
Before they were transparent and now they're blue. Do you know what to do about it???

Here is also the log from ComboFix:

ComboFix 07-10-28.2 - pocitac 2007-10-28 21:14:46.1 - NTFSx86
Running from: C:\Documents and Settings\pocitac\Plocha\net\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\pocitac\Data aplikací\macromedia\Flash Player\#SharedObjects\G2PJR5NE\www.broadcaster.com
C:\Documents and Settings\pocitac\Data aplikací\macromedia\Flash Player\#SharedObjects\G2PJR5NE\www.broadcaster.com\played_list.sol
C:\Documents and Settings\pocitac\Data aplikací\macromedia\Flash Player\#SharedObjects\G2PJR5NE\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\pocitac\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\pocitac\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\pocitac\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\pocitac\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\pocitac\Oblíbené položky\Spyware&Malware Protection.url
C:\Program Files\Sothink Glanda\Templates\Album\Calendar\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\cube\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\frame\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\Fresh\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\MAC_style\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\Mail\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\number\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\player\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\snow\_desktop.ini
C:\Program Files\Sothink Glanda\Templates\Album\xmasstar\_desktop.ini
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\nvrssk.dll
C:\WINDOWS\system32\nvrssl.dll
C:\WINDOWS\system32\sysdm.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.

2007-10-28 21:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 21:05 60,416 --a------ C:\WINDOWS\system32\drivers\jhnpbgjk.sys
2007-10-28 21:05 1,080 --a------ C:\muklxall.bat
2007-10-28 20:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-28 20:30 60,416 --a------ C:\WINDOWS\system32\drivers\rwmlkjkp.sys
2007-10-28 20:30 1,080 --a------ C:\tvmpakws.bat
2007-10-28 20:24 283 --a------ C:\rem.reg
2007-10-28 20:21 60,416 --a------ C:\WINDOWS\system32\drivers\ljpyhfxe.sys
2007-10-28 20:21 1,080 --a------ C:\rsalmrdb.bat
2007-10-28 12:09 <DIR> d-------- C:\Program Files\Kyodai Mahjongg
2007-10-28 12:07 <DIR> d-------- C:\Program Files\Real
2007-10-28 12:05 106,496 --a------ C:\WINDOWS\kthemup.exe
2007-10-28 12:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-10-19 13:19 <DIR> d-------- C:\naevius_temp_folder
2007-10-14 13:35 297,984 --a------ C:\WINDOWS\unin0405.exe
2007-10-14 13:34 <DIR> d-------- C:\LXKZ600
2007-10-12 13:51 52,352 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-10-12 13:51 52,352 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
2007-10-11 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-10-11 15:46 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-10-03 16:57 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-09-30 22:30 <DIR> dr-h----- C:\Documents and Settings\pocitac\Data aplikací\SecuROM
2007-09-30 22:30 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-30 22:26 22,328 --a------ C:\Documents and Settings\pocitac\Data aplikací\PnkBstrK.sys
2007-09-28 14:18 <DIR> d-------- C:\Documents and Settings\pocitac\Data aplikací\Nero
2007-09-28 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 15:22 --------- d-----w C:\Program Files\totalcmd
2013-06-25 19:02 --------- d-----w C:\Program Files\Ubisoft
2013-06-24 17:36 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Blueberry
2013-06-23 18:04 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2013-06-23 18:04 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Blueberry
2013-06-23 18:03 --------- d-----w C:\Program Files\Common Files\Blueberry Software
2013-06-23 18:03 --------- d-----w C:\Program Files\Blueberry Software
2013-06-23 18:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\{06CB4BE7-FE57-4F52-B26F-0DD54A008B74}
2013-06-23 17:50 --------- d-----w C:\Program Files\3ivx
2013-06-22 17:46 --------- d-----w C:\Program Files\Uniblue
2013-06-22 17:46 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Uniblue
2013-06-22 16:49 --------- d-----w C:\Program Files\ashampoo
2013-06-17 18:30 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-06-17 12:25 --------- d-----w C:\Program Files\PDFCreator
2013-06-15 12:00 --------- d-----w C:\Program Files\AgemSoft
2013-06-15 11:50 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\LANGMaster
2013-06-11 16:27 --------- d-----w C:\Program Files\Common Files\Macromedia
2013-06-11 16:24 --------- d-----w C:\Program Files\Macromedia
2013-06-10 09:38 --------- d-----w C:\Program Files\MSN Games
2013-06-10 09:37 --------- d-----w C:\Program Files\Luxor_at
2013-06-10 09:11 --------- d-----w C:\Program Files\bfgclient
2013-06-10 09:11 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2013-06-08 15:59 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Hamachi
2013-06-08 15:36 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2013-06-08 15:36 --------- d-----w C:\Program Files\Hamachi
2013-06-01 16:17 --------- d-----w C:\Program Files\Rockstar Games
2013-06-01 15:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2013-05-29 19:12 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\AdobeUM
2013-05-29 17:12 --------- d-----w C:\Program Files\MachrSoft
2013-05-25 14:26 --------- d-----w C:\Program Files\Game_Maker6
2013-05-24 18:56 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2013-05-24 18:49 --------- d-----w C:\Program Files\Common Files\Adobe
2013-05-24 18:33 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2013-05-23 13:59 --------- d-----w C:\Program Files\Common Files\AVSMedia
2013-05-23 13:55 --------- d-----w C:\Program Files\AVSMedia
2013-05-20 16:35 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Lavasoft
2013-05-20 15:21 --------- d-----w C:\Program Files\Lavasoft
2013-05-20 15:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2013-05-18 15:02 --------- d-----w C:\Program Files\Common Files\Stardock
2013-05-18 14:59 --------- d-----w C:\Program Files\Stardock
2013-05-18 14:53 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-28 12:22 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\U3
2007-10-28 12:13 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Skype
2007-10-28 11:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 15:51 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 15:03 --------- d-----w C:\Program Files\Nero
2007-10-11 15:18 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-08 19:45 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\BSplayer PRO
2007-09-30 21:26 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-09-30 21:26 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-30 21:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-30 21:26 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-27 14:42 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-09-22 14:04 --------- d-----w C:\Program Files\YouTube Downloader
2007-09-22 14:04 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\uTorrent
2007-09-22 13:39 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\for move dart
2007-09-16 15:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\view name beep for
2007-09-13 20:10 --------- d-----w C:\Program Files\for move dart
2007-09-10 12:09 --------- d-----w C:\Program Files\MOBILedit!
2007-09-06 14:36 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Hemera
2007-09-06 13:09 --------- d-----w C:\Documents and Settings\pocitac\Data aplikací\Ulead Systems
2007-09-06 13:06 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-09-06 13:04 --------- d-----w C:\Program Files\Ulead Systems
2007-09-06 13:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-06 13:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
2007-09-06 13:00 --------- d-----w C:\Program Files\Hemera
2007-09-06 12:58 --------- d-----w C:\Program Files\Windows Media Components
2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-09-05 19:58 --------- d-----w C:\Program Files\Valve
2007-08-04 20:04 3,202,885 ---h--w C:\WINDOWS\youtube_converter.exe
2007-07-01 11:58:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007070120070702\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-03-03 21:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"LPT LED Effect"="C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.exe" [2005-10-02 00:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Virtual DAEMON Manager"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"LLE"="C:\Documents and Settings\pocitac\Plocha\net\llle\LLE.EXE" [2005-10-02 00:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2013-06-07 19:32]

C:\Documents and Settings\pocitac\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2013-05-18 16:02:58]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ball byte]
C:\DOCUME~1\pocitac\DATAAP~1\FORMOV~1\OnlineProxyPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
S3 Nvrcsew;Nvrcsew;C:\WINDOWS\system32\drivers\btcusb.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{606db9da-ece5-11db-80d5-00301b24a83b}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6830b2ef-263c-11dc-818b-0011f6064dc7}]
AutoRun\command - M:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 16:16:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
"2013-06-22 17:09:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2013-06-22 17:09:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2013-06-22 17:54:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 21:22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-28 21:23:45 - machine was rebooted
.
--- E O F ---


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 28.10.2007 21:49 | probably a virus

Open Notepad and paste this into it:
Code:
Collect::
C:\muklxall.bat
C:\tvmpakws.bat
C:\rem.reg
C:\rsalmrdb.bat


Then do this:

[image]

A ZIP archive will be created on the desktop. Pack it according to the guide and send it.

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks


Test these files at www.virustotal.com and paste the results here:

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007070120070702\index.dat
C:\WINDOWS\system32\drivers\rwmlkjkp.sys
C:\DOCUME~1\pocitac\DATAAP~1\FORMOV~1\OnlineProxyPhone.exe
C:\WINDOWS\system32\drivers\ljpyhfxe.sys
C:\WINDOWS\kthemup.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\drivers\jhnpbgjk.sys
C:\WINDOWS\youtube_converter.exe


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 28.10.2007 23:12 | probably a virus

molotow wrote:
the name labels under my desktop icons are suddenly no longer transparent

before they were transparent and now it's blue, do you know what to do about it ???

My Computer - Properties => Advanced => Performance - Settings => Use drop shadows for icon labels on the desktop


+ Pack the Qoobox directory, which is on drive C, and send it according to the guide =>

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks ;)


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 29.10.2007 15:44 | probably a virus

BUBU1 => don't interfere in problem solving that is already under way (preferably not in any) :cop: :waggle:


Registered: 07.08.07
Last login: 12.03.17
Posts: 1010
Topics: 90 | 90
Posted by topic author: 29.10.2007 15:51 | probably a virus

I'll send you those things in the evening because I don't have time now
thanks for the help


Registered: 07.08.07
Last login: 12.03.17
Posts: 1010
Topics: 90 | 90
Posted by topic author: 31.10.2007 10:59 | probably a virus

Rbot wrote:
Open Notepad and paste this into it:
Code:
Collect::
C:\muklxall.bat
C:\tvmpakws.bat
C:\rem.reg
C:\rsalmrdb.bat


Then do this:

[image]

A ZIP archive will be created on the desktop. Pack it according to the guide and send it.

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks


Test these files at www.virustotal.com and paste the results here:

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007070120070702\index.dat
C:\WINDOWS\system32\drivers\rwmlkjkp.sys
C:\DOCUME~1\pocitac\DATAAP~1\FORMOV~1\OnlineProxyPhone.exe
C:\WINDOWS\system32\drivers\ljpyhfxe.sys
C:\WINDOWS\kthemup.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\drivers\jhnpbgjk.sys
C:\WINDOWS\youtube_converter.exe



I wanted to do that thing with the Avenger but somehow it didn't work, so I'll at least send you the results from VirusTotal


Registered: 07.08.07
Last login: 12.03.17
Posts: 1010
Topics: 90 | 90
Posted by topic author: 31.10.2007 11:52 | probably a virus

Soubor index.dat přijatý 2007.10.31 10:59:14 (CET)
Současný stav: Dokončeno
Výsledek: 0/31 (0%)

Soubor rwmlkjkp.sys přijatý 2007.10.31 10:59:38 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0%)

Soubor ljpyhfxe.sys přijatý 2007.10.31 11:03:44 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0%)

Soubor VCCLSID.exe přijatý 2007.10.31 11:18:55 (CET)
Současný stav: Dokončeno
Výsledek: 2/32 (6.25%)

Soubor jhnpbgjk.sys přijatý 2007.10.31 11:19:24 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0%)

Soubor youtube_converter.exe přijatý 2007.10.31 11:19:29 (CET)
Současný stav: Dokončeno
Výsledek: 1/30 (3.34%)


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 31.10.2007 12:38 | probably a virus

Open Notepad and paste this into it:

Code:
Collect::
C:\muklxall.bat
C:\tvmpakws.bat
C:\rem.reg
C:\rsalmrdb.bat
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\youtube_converter.exe



Save it as CFScript.txt and do this:

[image]

A ZIP archive will be created on the desktop. Pack it according to the guide and send it.

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks

//: Do it on the desktop


Registered: 07.08.07
Last login: 12.03.17
Posts: 1010
Topics: 90 | 90
Posted by topic author: 31.10.2007 19:16 | probably a virus

every time I do it, that ComboFix opens


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 31.10.2007 19:21 | probably a virus

Paste the log from it. :)


Registered: 07.08.07
Last login: 12.03.17
Posts: 1010
Topics: 90 | 90
Posted by topic author: 01.11.2007 11:35 | probably a virus

and where do I find that log ???


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 01.11.2007 19:55 | probably a virus

C:\ComboFix.txt


+ Pack the qoobox directory, which is on drive C, and send it according to the guide =>

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html


Registered: 07.08.07
Last login: 12.03.17
Posts: 1010
Topics: 90 | 90
Posted by topic author: 01.11.2007 21:55 | probably a virus

I have combofix2.exe, is that OK ??


Registered: 28.01.07
Last login: 02.12.07
Posts: 1706
Topics: 25 | 25
Posted: 01.11.2007 21:58 | probably a virus

I want the current one.


Registered: 29.11.07
Posts: 14
Topics: 1 | 1
Posted: 29.11.2007 13:37 | probably a virus

I have the same problem. Could you check my HijackThis log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36, on 2007-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Trayler\Trayler.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Ladislav Gallay\Dokumenty\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: MSVPS System - {ACB1497A-9869-44DE-8EBF-7CA6FAC1C2A5} - C:\WINDOWS\popnetksd.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trayler XP.lnk = C:\Program Files\Trayler\Trayler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O21 - SSODL: sapnet - {E1F4FAEC-04FF-4B5D-B3BB-C80D6A342915} - C:\WINDOWS\sapnet.dll
O21 - SSODL: rmvgor - {0F9E43B1-479B-4554-8C01-425E7CB008D3} - C:\WINDOWS\rmvgor.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7842 bytes


Even though I have already fixed
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
several times, it is still there. Thank you for the help...


Registered: 29.11.07
Posts: 14
Topics: 1 | 1
Posted: 29.11.2007 14:19 | probably a virus

It no longer bothers me. Here is the log from HijackThis. Even so, I would be glad if you checked it. Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17, on 2007-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Trayler\Trayler.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Ladislav Gallay\Dokumenty\HiJackThis\HijackThis.exe

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trayler XP.lnk = C:\Program Files\Trayler\Trayler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O21 - SSODL: sapnet - {E1F4FAEC-04FF-4B5D-B3BB-C80D6A342915} - C:\WINDOWS\sapnet.dll
O21 - SSODL: rmvgor - {0F9E43B1-479B-4554-8C01-425E7CB008D3} - C:\WINDOWS\rmvgor.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7499 bytes


_________________
I don't use this profile. See the profile Laykou

User
Registered: 29.08.07
Last login: 25.11.17
Posts: 1701
Topics: 208 | 208
Location: PO - BA
Posted: 30.11.2007 16:37 | probably a virus

I have something like this too and I can't get rid of it, please advise.
On my old account I can't do anything, everything is blocked: Task Manager, internet, all programs, games, I can't even get into the Control Panel, etc...
Here is what I have on my desktop (when I click on it, that page also comes up saying my PC is infected and that I should scan it...)

[image]

_________________
NB HP ProBook 450 G0 CPU: Intel Core i5 3230M Memory: 2x 4GB DDR3L 1600MHz VGA: AMD Radeon HD8750M & Intel HD4000 HDD: 750GB SATA2 LCD: 15.6" HD & 27" iiyama XB2783HSU Speakers: Logitech Z-2300 2.1 OS: Win7 Ultimate x64
Phone Lenovo P70

User
Registered: 29.11.07
Posts: 14
Topics: 1 | 1
Posted: 30.11.2007 16:41 | probably a virus

Move the mouse all the way to the top. A bar will appear. On it (on the right) you'll find an x. That closes that disgusting red window. By the way, I found out that it's just an ordinary web page (what you see is actually the Internet Explorer browser, it was just probably modified with JavaScript). Now delete the directory C:/Windows/privacy_dangerous - by the way, you'll also find in it the images that you see on the desktop.


_________________
I don't use this profile. See the profile Laykou

User
Registered: 29.08.07
Last login: 25.11.17
Posts: 1701
Topics: 208 | 208
Location: PO - BA
Posted: 30.11.2007 16:56 | probably a virus

Thanks a lot, and what about the rest?


_________________
NB HP ProBook 450 G0 CPU: Intel Core i5 3230M Memory: 2x 4GB DDR3L 1600MHz VGA: AMD Radeon HD8750M & Intel HD4000 HDD: 750GB SATA2 LCD: 15.6" HD & 27" iiyama XB2783HSU Speakers: Logitech Z-2300 2.1 OS: Win7 Ultimate x64
Phone Lenovo P70

User
Registered: 29.11.07
Posts: 14
Topics: 1 | 1
Posted: 30.11.2007 16:58 | probably a virus

Post the HijackThis log here.


_________________
I don't use this profile. See the profile Laykou

User
Registered: 29.08.07
Last login: 25.11.17
Posts: 1701
Topics: 208 | 208
Location: PO - BA
Posted: 30.11.2007 17:13 | probably a virus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:09, on 30.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
D:\DANO\PROGRAMY\NAINSTALOVANÉ\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dsl.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {7E745F86-6B67-45D3-922A-878167A9D258} - C:\WINDOWS\werbetnor.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: The hdtip - {7E259026-2CBD-4F42-AB62-230C0D4ABDAD} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\DANO\PROGRAMY\NAINSTALOVANÉ\NOKIA PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\DANO\PROGRAMY\NAINSTALOVANÉ\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmkpafsw] C:\swlkrjph.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\DANO\PROGRAMY\NAINSTALOVANÉ\ICQ 5.1\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\DANO\PROGRAMY\NAINSTALOVANÉ\ICQ 5.1\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pmkret - {49058A77-B0DE-4F81-AA31-356FAE66A72F} - C:\WINDOWS\pmkret.dll
O21 - SSODL: gormet - {25117F1D-374E-4304-8759-022538E54F6E} - C:\WINDOWS\gormet.dll (file missing)
O21 - SSODL: msmhost - {C28765D3-3937-4744-ABB7-4249CA9A9D19} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {8AEA4B7E-5433-46CE-8B8A-9407D4A53688} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\DANO\PROGRAMY\NAINSTALOVANÉ\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8839 bytes

I'd also like to point out that my PC is running terribly slowly - specifically, I think it's the HDD (everything stutters, even the mouse cursor, and it works slowly, etc...)


_________________
NB HP ProBook 450 G0 CPU: Intel Core i5 3230M Memory: 2x 4GB DDR3L 1600MHz VGA: AMD Radeon HD8750M & Intel HD4000 HDD: 750GB SATA2 LCD: 15.6" HD & 27" iiyama XB2783HSU Speakers: Logitech Z-2300 2.1 OS: Win7 Ultimate x64
Phone Lenovo P70

Experienced user
Registered: 10.07.07
Last login: 02.11.17
Posts: 1060
Topics: 0 | 0
Location: Bratislava
Posted: 30.11.2007 21:41 | probably a virus

_D4NW3R_:

First go to
Start, Run and type: cmd [enter]
notepad c:\swlkrjph.bat [enter]
select the Notepad contents [ctrl+a], copy them and paste them into the forum
Only once you've done that, download: http://siri.urz.free.fr/Fix/SmitfraudFix.exe, go into Safe Mode and run it with option 2 ..answer "Y" to the following questions
and then, in normal mode, post a new log from HijackThis and from C:\rapport.txt


_________________
The sky is blue, water is wet...
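
A triage pass over HijackThis entry lines that surfaces the kind of entry the reply above singles out (the Run value pointing at c:\swlkrjph.bat), as an added example that is not part of the thread or of HijackThis itself. The three rules, the function names and the assumed Windows directory are illustrative assumptions; a hit means "look at this by hand", not a verdict. The sample lines are copied from the second log above.

```python
import ntpath
import re

# Entry lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmkpafsw] C:\swlkrjph.bat
O21 - SSODL: pmkret - {49058A77-B0DE-4F81-AA31-356FAE66A72F} - C:\WINDOWS\pmkret.dll
O21 - SSODL: gormet - {25117F1D-374E-4304-8759-022538E54F6E} - C:\WINDOWS\gormet.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(?P<code>[ROF]\d+) - (?P<body>.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|bat|cmd|vbs)(?!\w)', re.I)
SCRIPT_EXT = {".bat", ".cmd", ".vbs"}
LOADED_DLL_SECTIONS = {"O2", "O3", "O21"}  # BHO, toolbar and SSODL entries
WINDOWS_DIR = r"c:\windows"  # assumption: install directory as shown in the logs


def parse(log):
    """Yield (section code, file path or None, raw line) for each entry line."""
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            p = PATH.search(m["body"])
            yield m["code"], (p.group(0) if p else None), line


def triage(log):
    """Return [(reason, raw line)] for entries that deserve a manual look."""
    findings = []
    for code, path, raw in parse(log):
        if raw.endswith("(file missing)"):
            # Registration survives but its target is gone: leftover or half-removed.
            findings.append(("registered file is missing", raw))
        elif path is not None:
            folder, name = ntpath.split(path)
            ext = ntpath.splitext(name)[1].lower()
            if code == "O4" and ext in SCRIPT_EXT:
                findings.append(("autorun starts a script", raw))
            elif code in LOADED_DLL_SECTIONS and folder.lower() == WINDOWS_DIR:
                findings.append(("DLL sits directly in C:\\WINDOWS", raw))
    return findings


if __name__ == "__main__":
    for reason, raw in triage(SAMPLE_LOG):
        print(f"{reason}: {raw}")
```
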

User
Registered: 29.08.07
Last login: 25.11.17
Posts: 1701
Topics: 208 | 208
Location: PO - BA
Posted: 01.12.2007 10:44 | probably a virus

Roberbo wrote:
_D4NW3R_:

First go to
Start, Run and type: cmd [enter]
notepad c:\swlkrjph.bat [enter]
select the Notepad contents [ctrl+a], copy them and paste them into the forum


What should I type into that command prompt?


_________________
NB HP ProBook 450 G0 CPU: Intel Core i5 3230M Memory: 2x 4GB DDR3L 1600MHz VGA: AMD Radeon HD8750M & Intel HD4000 HDD: 750GB SATA2 LCD: 15.6" HD & 27" iiyama XB2783HSU Speakers: Logitech Z-2300 2.1 OS: Win7 Ultimate x64
Phone Lenovo P70
© 2005 - 2017 PCforum, edited by JanoF