Jak odstranit Win32.TROJAN DOWNLOADER.ZLOB

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Michal Horák
nováček
Příspěvky: 5
Registrován: říjen 06
Pohlaví: Nespecifikováno
Stav:
Offline

Jak odstranit Win32.TROJAN DOWNLOADER.ZLOB

Příspěvekod Michal Horák » 21 říj 2006 15:45

Hezky pozdrav vsem,

potreboval bych od nekoho zkuseneho pomoci, nikdy jsem jeste nemel vir v PC, az ted. :( Dostal se mi do PC tento malware - Win32.TROJAN DOWNLOADER.ZLOB a nevim, jak sa ho zbavit. Zkousel jsem NOD32 a taky ADWARE, ale porad mi tam zustava. :cry: V exploreru mi porad vyskakuje cizi domovska stranka a ikona, ze mam virus v PC...uz si nevim pomoci, jsem v tomto zelenac :o , stahnul jsem si SmitfraudFix.exe, zkusim ho pouzit v nouzovem rezimu, ale nechci to pokazit.
Byl bych vdecny, kdyby mi nekdo mohl poradit.
Dekuju moc.
Zdravi, Michal

Zde posilam log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:30:19, on 21.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\issearch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\f\LOCALS~1\Temp\Rar$EX01.593\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://10.0.0.138/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: bw+0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Reklama
Uživatelský avatar
Guivan5
Level 2.5
Level 2.5
Příspěvky: 251
Registrován: září 06
Bydliště: Praha 8
Pohlaví: Nespecifikováno
Stav:
Offline
Kontakt:

Příspěvekod Guivan5 » 21 říj 2006 16:19

O18 - Protocol: bw+0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D650E90F-103F-458A-B8CA-BAD227F2C759} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

:shock: co to je???
HDD 250 GB, ATI Radeon X1550 512 MB, 1024 MB RAM, Intel Pentium D820 2,8Ghz...
Windows XP Media Center Edition SP2, Spyware Terminator, NOD32 2.7, Zone Alarm
HiJackThis, CCleaner, MWAV,Jottiscan, KillBox, VirusTotall
TweakUI

Michal Horák
nováček
Příspěvky: 5
Registrován: říjen 06
Pohlaví: Nespecifikováno
Stav:
Offline

Příspěvekod Michal Horák » 21 říj 2006 17:08

Ahoj,
tohoto messengera nepouzivam ani nevim k cemu to je :o , proto jsem ho odstranil, ale myslim, ze to neby nasledek TROJANU...

jinak diky moc za odpoved, ted jsem pouzil na vlastni pest :idea: Smitfraudfix. Jsem proste nedockavej a uz jsem to nemohl vydrzet. :evil: Odstranilo se mi automaticke vyskakovani nezname stranky v exploreru, ci-li explorer jiz funguje OK, zda se mi, ze jiz vse funguje jak ma, zadne zpomalovani systemu, ani ADWARE mi ho tam uz nenasel.

Jeste posilam log, kouknete, zda je vse ok, nedokazu to posoudit, jeste jednou dik. :smile: :

Logfile of HijackThis v1.99.1
Scan saved at 17:07:29, on 21.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\f\LOCALS~1\Temp\Rar$EX00.281\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://10.0.0.138/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Uživatelský avatar
mijaja
Tvůrce článků
Level 6.5
Level 6.5
Příspěvky: 4136
Registrován: září 05
Bydliště: Zlín
Pohlaví: Muž
Stav:
Offline
Kontakt:

Příspěvekod mijaja » 21 říj 2006 17:17

No v první řadě si odinstaluj WinAntiVirus Pro 2006 - je na seznamu škodlivého softu a obsahuje šmejdy!
Máš tam NOD32 a pokud je v plné a placené verzi, nic lepšího nenajdeš. Nainstaluj si alternativní prohlížeč namísto Internet Exploreru.
Stáhni si a nainstaluj Service Pack 2, stáhni si Ccleaner (v podpisu) a nainstaluj. Všechno mám v odkazech.
Vypni Obnovu systému (klávesa Windows+Pause/Break - a v okně Vlastnosti systému - karta Obnovení systému zaškrtnout okénko Vypnout nástroj obnovení systému na všech jednotkách.

Restartuj do nouzového režimu, odpoj se od internetu - nejlépe i kabel z síťovky nebo nespouštěj žádný browser. Tohle si raději vytiskni, nebo ulož na plochu v Notepadu.

V Taskmanageru (CTRL+ALT+DEL - záložka Procesy - tlačítko Ukončit proces) zastav procesy:

C:\WINDOWS\System32\issearch.exe - šmejd
C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe - šmejd

Až to budeš mít, spusť znovu HijackThis a zaškrtni v něm okénka před řádky:

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll - šmejd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c


Tuhle službu zastav ve Službách systému Windows:

nabídka Start>>Spustit- do okénka napiš services.msc a zmáčkni Enter.

O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

označíš příslušný řádek a pravým myšítkem přepni na Vlastnosti a v roletce Typ spouštění dej zakázáno.

Spusť Ccleaner a dej vyčistit windows, aplikace i registry. Potom nakoukni do složek Temp a Temporary Internet Files ve všech profilech Documents and Settings a Windows, jestli jsou prázdné a vysyp koš. Restartuj do normálu a dej nový log na kontrolu.


2Guivan5 - položky O18 - Protocol:...... patří k myším, klávesnicím a webkamerám od Logitechu.

Michal Horák
nováček
Příspěvky: 5
Registrován: říjen 06
Pohlaví: Nespecifikováno
Stav:
Offline

Příspěvekod Michal Horák » 21 říj 2006 18:35

Mijaja jses profik! Perfektni rady, diky moc, udelal jsem vse, jak jsi napsal a uz je to snad uplne v poradku. :D
Vse mi zmizelo, nainstaloval jsem CCleaner a pouzil ho, mel jsem tam hodne necistot... Zamyslim se nad jinym prohlizecem. A nainstaluju si Service pack 2.
Jedine, co mi neslo bylo toto:
Spustil jsem Services.msc, ale radek
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
nebo podobny radek jsem NENASEL!??

Vse ale jiz funguje skvele, jedine, co zbylo z logu je tedy :
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing), jinak OK.

Zde je log:

Logfile of HijackThis v1.99.1
Scan saved at 18:28:12, on 21.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\f\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://10.0.0.138/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Uživatelský avatar
mijaja
Tvůrce článků
Level 6.5
Level 6.5
Příspěvky: 4136
Registrován: září 05
Bydliště: Zlín
Pohlaví: Muž
Stav:
Offline
Kontakt:

Příspěvekod mijaja » 21 říj 2006 18:40

Asi takhle - on v těch službách nebude ten řádek přesně v tom znění, jak je psán v Hijackthisu. Tam bude třeba jen to slůvko FWSvc.exe, nebo WinAntiVirus, nebo WAV Pro 2006 - nevím, jak ti ho wokna ve službách označí. Ale pokud tam něco takového je, napiš první název sem a podumáme, jestli by to bylo ono. Potom bys to zastavil.

Michal Horák
nováček
Příspěvky: 5
Registrován: říjen 06
Pohlaví: Nespecifikováno
Stav:
Offline

Příspěvekod Michal Horák » 21 říj 2006 18:53

Prosel jsem radku po radce v rozsirenem modu, ale nic takoveho jsem tam nenasel. Zkusim to jeste jednou a opravdu dukladne. I kdybych nic nenasel, nemelo by to nic zpusobit, o nic tedy nejde, tak ja jdu na to a za chvili dam vedet. Je to asi 100 radku...

Zatim dik,
Michal

Uživatelský avatar
mijaja
Tvůrce článků
Level 6.5
Level 6.5
Příspěvky: 4136
Registrován: září 05
Bydliště: Zlín
Pohlaví: Muž
Stav:
Offline
Kontakt:

Příspěvekod mijaja » 21 říj 2006 18:56

Jestli jsi ten WinAntiVirus odinstaloval po mém prvním příspěvku, je možné, že už budeš tuto službu hledat zbytečně. Udělej tedy ještě jeden log Hijackthisu a uvidíme.

Michal Horák
nováček
Příspěvky: 5
Registrován: říjen 06
Pohlaví: Nespecifikováno
Stav:
Offline

Příspěvekod Michal Horák » 21 říj 2006 19:05

Ahoj Mijaja,

:D Tak to bylo hodne rychly, uz jsem to nasel, ja se opravdu prekoukl, byl tam ta mrska jako:
Popis: Firewall service of WinAntiVirus Pro 2006 checks all
Cesta: C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe /service

Zastavil jsem ho...

TISICERE DIKY, meli by ti zvednout Rate! :wink:
Cau Michal


Jeste muj log:

Logfile of HijackThis v1.99.1
Scan saved at 18:57:33, on 21.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\f\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://10.0.0.138/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe



Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 6 hostů