Trojské koně!!! (vyřešeno)

[Body]

Mám zavirovaný počítač, prosím moc o radu. Jedná se pravděpodobně o Trojské koně, když zapnu jakkýkoli antivirový program, vir jej automaticky vypne, a nebo pokud napíšu něco, co souvisí s virama do vyhledávače na internetu, automaticky se vypne celý internet. Počítač často taky zamrzává. Jedinný program Kazaap dokáže tyto Trojské koně identifikovat, ale nejdou smazat. Jsou to: UserInit Trojan Loader, Windows shell Trojan Loader a Unkown Trojan Loader. Jsou uloženy někde v registrech, první dva ve složce Winlogon, a ten poslední ve složce user shell folders. Moc se omlouvám, pokud z tohoto popisu je něco nesrozumitelné, ale jsem laik, co se týče počítačů.

Přidávám HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:10:50, on 28.9.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mguard.exe
C:\WINDOWS\Explorer.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\program files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\dllcache\makaveli.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Pavlínka\Local Settings\Temp\Dočasný adresář 2 pro hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe mguard.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,mguard.exe
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67e71de8-b50e-4ecd-ba47-a0b3caf0fd6e} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Listicka\Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5035
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/20 ... nstall.cab
O16 - DPF: {1E1B286C-88FF-11D2-8D96-D7ACAC95951F} - http://66.194.67.102/banner/with-report ... nerads.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1137230342
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB62B8E2-7415-406A-B89F-CC928CAE54D5}: NameServer = 62.129.50.20,85.135.32.100
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pacmgr - pacmgr.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - D:\program files\FSI\F-Prot\fpavupdm.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Ales\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Makaveli Branded - Unknown owner - C:\WINDOWS\System32\dllcache\makaveli.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\program files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe






Opravdu všem moc děkuji!!!!

[Reklama]

[fredik]

Ukonči v taskmageru (ctrl+alt+delete) proces mguard.exe

Vytvoř si na disku adresář a rozbal si hijackthis do něj místo do temp-u.
fixni v HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe mguard.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,mguard.exe
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKCU\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: pacmgr - pacmgr.dll (file missing)

Stáhni si a projeď pc programem mwava vlož z něj log podle návodu.

Otestuj soubor C:\WINDOWS\System32\dllcache\makaveli.exe na Virustotal a vlož sem jeho výsledek.

Po té vlož znova log z HJT.

[besst]

zničit je můžeš i s antivirem... MicroWorld Escan = kladivo na všechny šmejdy!

[mikel]

Nediv se, že máš zavšivený počítač, když nezáplatuješ wokna. Musíš si nainstalovat SP1 a SP2 + záplaty po SP2!
Začni fixnutím tohoto v Hijacku:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe mguard.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,mguard.exe
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {67e71de8-b50e-4ecd-ba47-a0b3caf0fd6e} - (no file)
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKCU\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/20 ... nstall.cab
O16 - DPF: {1E1B286C-88FF-11D2-8D96-D7ACAC95951F} - http://66.194.67.102/banner/with-report ... nerads.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott ... nstall.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pacmgr - pacmgr.dll (file missing)

A pak pokračuje mazání.
Nejprve si otevři Správce úloh (Ctrl+Alt+Del) a zastav tyto procesy:
mguard.exe
fpavupdm.exe
makaveli.exe

Do Start/Spustit napiš services.msc a potvrď. Pravým myšítkem zastav tyto služby a nastav typ spouštění na Zakázáno:
F-Prot Antivirus Update Monitor
hpdj
InCD Helper
Makaveli Branded

Potom smaž tyto soubory:
C:\WINDOWS\System32\mguard.exe
C:\WINDOWS\System32\dllcache\makaveli.exe
wkssvr.exe - musíš ho najít na disku

Pomocí CCleaneru vyčisti komp, vypni Obnovení systému (Tento počítač/Vlastnosti) a restartuj.
Udělej nový log a dej ho sem.

[Body]

Toto je log z mwaw-u:

Thu Sep 28 20:24:31 2006 => File C:\WINDOWS\System32\dllcache\makaveli.exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:24:37 2006 => File C:\WINDOWS\system32\mguard.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:25:02 2006 => File C:\WINDOWS\System32\dllcache\makaveli.exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:25:08 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Thu Sep 28 20:25:10 2006 => Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Sep 28 20:25:10 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Sep 28 20:25:10 2006 => Object "exactutil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Sep 28 20:25:10 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Sep 28 20:25:12 2006 => System found infected with downloader-ak Trojan-Downloader (popcaploader.dll)! Action taken: No Action Taken.
Thu Sep 28 20:25:12 2006 => System found infected with sahagent Spyware/Adware (webinstaller.dll)! Action taken: No Action Taken.
Thu Sep 28 20:25:12 2006 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Thu Sep 28 20:25:12 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Sep 28 20:25:13 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
Thu Sep 28 20:25:17 2006 => System found infected with sahagent Spyware/Adware (webinstaller.dll)! Action taken: No Action Taken.
Thu Sep 28 20:25:17 2006 => System found infected with sahagent Spyware/Adware (webinstaller.dll)! Action taken: No Action Taken.
Thu Sep 28 20:27:36 2006 => File C:\WINDOWS\System32\40650_netapi.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:36 2006 => File C:\WINDOWS\System32\27031_redworld.exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:40 2006 => File C:\WINDOWS\System32\wkssvr.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:40 2006 => File C:\WINDOWS\System32\24323_netapi.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:40 2006 => File C:\WINDOWS\System32\05747_netapi.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:41 2006 => File C:\WINDOWS\System32\87316_netapi.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:41 2006 => File C:\WINDOWS\System32\mguard.exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:59 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\I1CFWVCT\84785_redworld[1].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:59 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\I1CFWVCT\84785_redworld[2].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:27:59 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\I1CFWVCT\31572_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:00 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\I1CFWVCT\84785_redworld[3].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:01 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\Y38LYVYX\75066_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:01 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\Y38LYVYX\53233_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:01 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\Y38LYVYX\27537_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:03 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\B8DL74OI\20233_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:03 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\B8DL74OI\62565_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:03 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\B8DL74OI\83765_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:03 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\B8DL74OI\84785_redworld[1].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:05 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\OX2N0P6Z\84785_redworld[1].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:05 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\OX2N0P6Z\36285_netapi[1].exe infected by "Backdoor.Win32.VanBot.d" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:05 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\OX2N0P6Z\84785_redworld[2].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:05 2006 => File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\OX2N0P6Z\84785_redworld[3].exe infected by "Backdoor.Win32.VanBot.j" Virus! Action Taken: No Action Taken.
Thu Sep 28 20:28:05 2006 => ***** Scanning complete. *****

Thu Sep 28 20:28:05 2006 => Total Objects Scanned: 22254
Thu Sep 28 20:28:05 2006 => Total Critical Objects: 37
Thu Sep 28 20:28:05 2006 => Total Disinfected Objects: 0
Thu Sep 28 20:28:05 2006 => Total Objects Renamed: 0
Thu Sep 28 20:28:05 2006 => Total Deleted Objects: 0
Thu Sep 28 20:28:05 2006 => Total Errors: 146
Thu Sep 28 20:28:05 2006 => Time Elapsed: 00:03:56
Thu Sep 28 20:28:05 2006 => Virus Database Date: 9/28/2006
Thu Sep 28 20:28:05 2006 => Virus Database Count: 227133

[Body]

C:\WINDOWS\System32\dllcache\makaveli.exe - ve složce System32 není soubor dllcache, ani po odkrytí skrytých souborů a složek.
přidávám log z hjt:
Logfile of HijackThis v1.99.1
Scan saved at 20:59:39, on 28.9.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\program files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\dllcache\makaveli.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\WINCMD32.EXE
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67e71de8-b50e-4ecd-ba47-a0b3caf0fd6e} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Listicka\Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5035
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/20 ... nstall.cab
O16 - DPF: {1E1B286C-88FF-11D2-8D96-D7ACAC95951F} - http://66.194.67.102/banner/with-report ... nerads.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1137230342
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB62B8E2-7415-406A-B89F-CC928CAE54D5}: NameServer = 62.129.50.20,85.135.32.100
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - D:\program files\FSI\F-Prot\fpavupdm.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Ales\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Makaveli Branded - Unknown owner - C:\WINDOWS\System32\dllcache\makaveli.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\program files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



Zatím díky všem!!!

[Body]

Já vím, že servis packy jsou důležité. Chtěl bych je nainstalovat, ale nevím zda to jde i u neoriginálních Windows.

[fredik]

Zastav službu O23 - Service: Makaveli Branded - Unknown owner - C:\WINDOWS\System32\dllcache\makaveli.exe měla by se jmenovat Makaveli Branded
zastav ji ve Službách a nastav na Zakázáno:
Start -> Spustit... -> (napsat) services.msc>OK. V záložce služby ji najděte a ve vlastnostech nastavte typ spouštění na zakázáno.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Stáhni si Killbox a spusť jej. Objeví se malé okénko programu. Jako první je nutné vyplnit řádek "Full Path of File to Delete".

C:\WINDOWS\System32\dllcache\makaveli.exe

použijte funkci Delete on Reboot. Po té klikneš na tlačítko s obrázkem červeného kolečka s bílím křížkem a měl by následovat restart.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Najdi na disku červeně označené soubory a smaž.
C:\WINDOWS\System32\dllcache\makaveli.exe
C:\WINDOWS\system32\mguard.exe
C:\WINDOWS\System32\40650_netapi.exe
C:\WINDOWS\System32\27031_redworld.exe
C:\WINDOWS\System32\wkssvr.exe
C:\WINDOWS\System32\24323_netapi.exe
C:\WINDOWS\System32\05747_netapi.exe
C:\WINDOWS\System32\87316_netapi.exe

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Jak psal Mikel tak pročisti pc pomocí Ccleaneru
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Fixni v HJT
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/20 ... nstall.cab
O16 - DPF: {1E1B286C-88FF-11D2-8D96-D7ACAC95951F} - http://66.194.67.102/banner/with-report ... nerads.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott ... nstall.cab
O20 - AppInit_DLLs:

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Pak vlož znova log z HJT a řekni jestli se ti podařilo smazat všechny soubory.

Myslím že ti SP2 naistalovat nepůjde ale vyzkoušej kdyžtak alespoň doinstalovat SP1 případně pak ten SP2 jestli půjde. A také bych doporučil nainstalovat Firewall v příslušné sekci si mužes vybrat.

[Body]

Program Makaveli Branded se mi podařilo zakázat, ale ve složce system32 neexistuje složka dllcache, tímpádem sem s Killboxem ten program nevymazal.
Ani jeden z těchto programů na disku není, nevím proč.:
C:\WINDOWS\System32\dllcache\makaveli.exe
C:\WINDOWS\system32\mguard.exe
C:\WINDOWS\System32\40650_netapi.exe
C:\WINDOWS\System32\27031_redworld.exe
C:\WINDOWS\System32\wkssvr.exe
C:\WINDOWS\System32\24323_netapi.exe
C:\WINDOWS\System32\05747_netapi.exe
C:\WINDOWS\System32\87316_netapi.exe

Počítač sem pročistil v Ccleaneru a fixnul jsem v HJT.
Tady je nový log:
Logfile of HijackThis v1.99.1
Scan saved at 8:48:56, on 29.9.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\program files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\dllcache\makaveli.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\WINCMD32.EXE
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67e71de8-b50e-4ecd-ba47-a0b3caf0fd6e} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Listicka\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5035
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1137230342
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB62B8E2-7415-406A-B89F-CC928CAE54D5}: NameServer = 62.129.50.20,85.135.32.100
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - D:\program files\FSI\F-Prot\fpavupdm.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Ales\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\program files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Bohužel ani jeden ze servis packů nejde nainstalovat. Zatím opravdu moc děkuji!!

[fredik]

Fixni v HJT:
O2 - BHO: (no name) - {67e71de8-b50e-4ecd-ba47-a0b3caf0fd6e} - (no file)

Zastav službu:
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - D:\program files\FSI\F-Prot\fpavupdm.exe měla by se jmenovat F-Prot Antivirus Update Monitor
a pokud nepoužíváš InCD tak taky zastav jeho službuO23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe měla by se jmenovat InCD Helper
a nastav obě na zakázano.

S tím Killboxem nesmíš ten soubor vyhledávat. Označ to co je červenou barvou, skopíruj pomocí ctrl+c a vlož do kolonky "Full Path of File to Delete" pomocí ctrl+v. Použijte funkci Delete on Reboot. Po té klikneš na tlačítko s obrázkem červeného kolečka s bílím křížkem a měl by následovat restart.

C:\WINDOWS\System32\dllcache\makaveli.exe

Zkus znova projet pc Mwav. Pokud tam budou i nadále ty soubory co byli k vymazání, tak se pokusíme je smazat jinak když nejdou.

Ještě si doinstaluj ten Firewall.

[Body]

Firewall jsem si nainstaloval, fixnul jsem, tamty služby jsem zakázal a zastavil, všechno šlo v pohodě.
C:\WINDOWS\System32\dllcache\makaveli.exe - i tady to šlo odstranit

tady je log z Mwav-u:
System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Fri Sep 29 12:32:29 2006 => Object "exactutil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Sep 29 12:32:29 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Sep 29 12:32:31 2006 => System found infected with downloader-ak Trojan-Downloader (popcaploader.dll)! Action taken: No Action Taken.
Fri Sep 29 12:32:31 2006 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Fri Sep 29 12:32:31 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Sep 29 12:32:32 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.

Fri Sep 29 12:35:56 2006 => ***** Scanning complete. *****

Fri Sep 29 12:35:56 2006 => Total Objects Scanned: 22219
Fri Sep 29 12:35:56 2006 => Total Critical Objects: 7
Fri Sep 29 12:35:56 2006 => Total Disinfected Objects: 0
Fri Sep 29 12:35:56 2006 => Total Objects Renamed: 0
Fri Sep 29 12:35:56 2006 => Total Deleted Objects: 0
Fri Sep 29 12:35:56 2006 => Total Errors: 34
Fri Sep 29 12:35:56 2006 => Time Elapsed: 00:04:31
Fri Sep 29 12:35:56 2006 => Virus Database Date: 9/29/2006
Fri Sep 29 12:35:56 2006 => Virus Database Count: 227289





a tady je log z HJT:
Logfile of HijackThis v1.99.1
Scan saved at 12:39:46, on 29.9.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\WINCMD32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - D:\Program Files\Seznam Listicka\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://D:\Program Files\Seznam Listicka\Toolbar.dll/5035
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1137230342
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB62B8E2-7415-406A-B89F-CC928CAE54D5}: NameServer = 62.129.50.20,85.135.32.100
O23 - Service: hpdj - HP - C:\DOCUME~1\Ales\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe




Vypadá to, že se to lepší, opravdu moc děkuju. Jsi zlatý člověk!!!

[Body]

Ještě jednou všem moc děkuju. Jste moc hodní lidé.