
Connection problem.

Posted: 28 Jun 2007 23:45
by petrk
Hi everyone... we have a little problem... the browsers on my son's PC don't work; neither Firefox nor IE displays any web page. But his ICQ runs... can anyone advise me what to look at? I should say in advance that this has been troubling us since a certain unnamed person was browsing adult sites :roll: So I'm prepared for the worst. But you can beat him and it still doesn't help. Thanks for any advice.

Posted: 29 Jun 2007 08:50
by mmmartin
To start with, get an HJT log, post it here and hope it's caused by some easily removable critter.
As for the beating: it's one of the most effective hardware protections and we have to apply it in time, while we can still overpower them. With increasing age - ours and our offspring's - the effectiveness of this HW protection drops sharply. :-(

Posted: 29 Jun 2007 10:09
by Baron Prášil
I'll add instructions for creating a HijackThis log, which we absolutely need to see.

Download HijackThis here -
http://www.bleepingcomputer.com/files/M ... ckThis.zip
extract it into its own folder, run it, click "Do a system scan and save a logfile"
Copy the generated text file here.

Posted: 29 Jun 2007 21:52
by petrk
Here is the log... and about the beating... well, I guess I missed the right moment :roll:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at Čas: 21:44.58, on 29.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Seznam Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BSplayer Pro\bsplayer.exe
C:\Documents and Settings\Uživatel\Plocha\HiJackThis_v2\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Postak\SRank.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam Postak\Postak.exe"
O4 - HKLM\..\Run: [Exittimecreativelicense] C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime\new16.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reminder-cor40212.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Do fronty Star Downloaderu - C:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F87A0F9-9AF9-4CD0-8E3B-8C7E8AB78341}: NameServer = 10.100.105.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 10133 bytes

Posted: 29 Jun 2007 21:57
by krtenek
Check the DNS server settings.

Posted: 29 Jun 2007 22:06
by petrk
krtenek wrote: Check the DNS server settings.

OK... thanks for the tip, I'll take a look at it.

Posted: 29 Jun 2007 22:08
by krtenek
But I'm not saying that's it, just an idea. The other day my browsers were showing a connection error, but ICQ was running happily. I had the DNS set up wrong...

Posted: 29 Jun 2007 23:01
by Baron Prášil
first install a firewall
choose one here, I recommend Comodo

stop this service
Boonty Games - BOONTY
and set its startup type to disabled!
you open the services by typing the command services.msc into Run... in the START menu and clicking OK

that bsplayer, if it isn't a bought copy, uninstall it

make a log from LopFind according to the instructions here
http://viry.cz/forum/viewtopic.php?t=34528 point 2.
and post it

but of course start with point one and check Add/Remove Programs

Posted: 30 Jun 2007 00:08
by petrk
- Firewall installed
- Boonty Games - BOONTY disabled

the log is here:

LopFind v3 © Čas: 0:03:40,39 Datum: so 30.06.2007

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\Documents and Settings\Administrator\DATAAP~1

24.10.2006 ¬as: 22:29 <DIR> Real
24.10.2006 ¬as: 22:28 <DIR> Identities
24.10.2006 ¬as: 22:28 62 desktop.ini
24.10.2006 ¬as: 22:28 <DIR> Microsoft
24.10.2006 ¬as: 22:28 <DIR> ..
24.10.2006 ¬as: 22:28 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 5, Volněch bajt…: 2360721408
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1

29.06.2007 ¬as: 23:53 <DIR> Comodo
19.06.2007 ¬as: 17:15 <DIR> ACD Systems
28.05.2007 ¬as: 18:00 <DIR> BIZSCR
03.03.2007 ¬as: 16:36 <DIR> Adobe
29.12.2006 ¬as: 16:48 <DIR> hidebarbexittime
23.12.2006 ¬as: 20:51 <DIR> PlayFirst
20.10.2006 ¬as: 15:05 <DIR> BOONTY
01.09.2006 ¬as: 17:57 <DIR> MSScanAppDataDir
01.09.2006 ¬as: 17:36 <DIR> Microsoft Help
13.06.2006 ¬as: 15:29 4336 QTSBandwidthCache
13.06.2006 ¬as: 15:10 <DIR> Apple Computer
11.06.2006 ¬as: 21:58 <DIR> XemiComputers
21.03.2006 ¬as: 21:33 <DIR> TuneUp Software
04.03.2006 ¬as: 11:22 <DIR> Windows Genuine Advantage
13.01.2006 ¬as: 23:30 <DIR> Pinnacle
08.12.2005 ¬as: 22:45 <DIR> Macromedia
11.11.2005 ¬as: 17:37 <DIR> DVD Shrink
02.10.2005 ¬as: 19:28 <DIR> CyberLink
27.07.2005 ¬as: 10:36 <DIR> Trymedia
10.03.2005 ¬as: 19:08 <DIR> Spybot - Search & Destroy
02.03.2005 ¬as: 19:17 <DIR> Skype
20.02.2005 ¬as: 18:45 <DIR> QuickTime
19.11.2004 ¬as: 11:22 62 desktop.ini
19.11.2004 ¬as: 11:22 <DIR> Microsoft
19.11.2004 ¬as: 11:22 <DIR> .
19.11.2004 ¬as: 11:22 <DIR> ..
2 soubor…, 4398 bajt…
Adres ý…: 24, Volněch bajt…: 2360717312
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\Documents and Settings\U§ivatel\DATAAP~1
19.11.2004 ¬as: 11:22 62 desktop.ini
19.11.2004 ¬as: 11:22 <DIR> ..
19.11.2004 ¬as: 11:22 <DIR> Microsoft
19.11.2004 ¬as: 11:22 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1

19.11.2004 ¬as: 10:34 <DIR> ..
19.11.2004 ¬as: 10:34 <DIR> Microsoft
19.11.2004 ¬as: 10:34 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1

19.11.2004 ¬as: 10:34 <DIR> ..
19.11.2004 ¬as: 10:34 <DIR> Microsoft
19.11.2004 ¬as: 10:34 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216

******************************************

2) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\WINDOWS\Tasks

21.03.2006 ¬as: 21:34 396 1-Click Maintenance.job
19.11.2004 ¬as: 10:31 6 SA.DAT
19.11.2004 ¬as: 10:29 65 desktop.ini
19.11.2004 ¬as: 10:29 <DIR> ..
19.11.2004 ¬as: 10:29 <DIR> .
3 soubor…, 467 bajt…
Adres ý…: 2, Volněch bajt…: 2˙360˙709˙120

------------------------------------------

b) Zjišťování vlastností přítomných .job souborů:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job '1-Click Maintenance.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe'
Parameters: '/schedulestart'
WorkingDirectory: ''
Comment: 'Runs 1-Click Maintenance at specified times'
Creator: 'Uživatel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/29/2007 17:15:00
NextRun: 07/06/2007 17:15:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 06/01/2005
EndDate: 06/03/2010
StartTime: 17:15
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


------------------------------------------

c) Nalezené a odstraněné nežádoucí soubory:


------------------------------------------

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.

Věpis adres ýe C:\WINDOWS\Tasks

21.03.2006 ¬as: 21:34 396 1-Click Maintenance.job
19.11.2004 ¬as: 10:31 6 SA.DAT
19.11.2004 ¬as: 10:29 65 desktop.ini
19.11.2004 ¬as: 10:29 <DIR> ..
19.11.2004 ¬as: 10:29 <DIR> .
3 soubor…, 467 bajt…
Adres ý…: 2, Volněch bajt…: 2˙360˙709˙120

******************************************

3) Vyhledávání podvodných programů ve složce Program Files:

Adresář C:\Program Files\Torrent101 Přítomen !

Posted: 30 Jun 2007 09:42
by Baron Prášil
uninstall Torrent101 and delete its folder in Program Files

fix
in the HJT program window, tick the boxes on the left next to the items I list below, then click Fix checked

O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Exittimecreativelicense] C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime\new16.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe

remove that Boonty Games - BOONTY service
like this
_neo wrote: run the HJT program and click the Open the Misc Tools section button, then click the Delete an NT service button. A window will appear where you enter the name of the service you want to delete; then click OK.


use Avenger
http://www.viry.cz/forum/viewtopic.php?t=21484

and this script

Code:

Files to delete:
[BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe

Folders to delete:
C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime


after the restart, post the Avenger log and the HijackThis log
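As an added example (not code from this thread, from HijackThis or from its author), a small Python triage script that applies the kind of checks the helper used on the log above to a few constructed sample lines: O3 toolbars registered with "(no file)", O4 autostart entries that launch from a user profile or Application Data path, and O23 services whose owner HijackThis could not identify. The regexes and path markers are my own assumptions about the log format, not rules shipped with HijackThis.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

The heuristics below are assumptions modelled on what the helper flagged in the
thread: a toolbar whose file is gone, Run entries living under the user profile,
and services with an unidentifiable owner.
"""
import re

# Constructed sample in the style of the thread's log (raw string: backslashes are literal).
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Exittimecreativelicense] C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime\new16.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Directory fragments (lower-case) that mark a per-user or Application Data location.
# "data aplikací" is the Czech-localised Application Data folder seen in the thread.
PROFILE_MARKERS = (
    "\\docume~1\\", "\\documents and settings\\",
    "\\dataap~1\\", "\\application data\\", "\\data aplikací\\",
    "\\local settings\\temp\\",
)

O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def executable_from_command(cmd):
    """Return the program path from an O4 command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def runs_from_profile_dir(path):
    """True if the path points into a user profile / Application Data directory."""
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def triage_line(line):
    """Return (section, reason) for a line worth a closer look, or None."""
    line = line.strip()
    m = O3_RE.match(line)
    if m:
        if m.group("path") == "(no file)":
            return ("O3", f"toolbar {m.group('clsid')} is registered but its file is missing")
        return None
    m = O4_RE.match(line)
    if m:
        exe = executable_from_command(m.group("cmd"))
        if runs_from_profile_dir(exe):
            return ("O4", f"[{m.group('name')}] autostarts from a profile/Application Data path: {exe}")
        return None
    m = O23_RE.match(line)
    if m:
        if m.group("owner").lower() == "unknown owner":
            return ("O23", f"service '{m.group('name')}' has no identifiable owner: {m.group('path')}")
        return None
    return None                                  # other sections are not handled by this example


def triage_log(text):
    """Run triage_line over every line; return a list of (section, reason, original line)."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, _ in triage_log(SAMPLE_LOG):
        print(f"{section}: {reason}")
```

Note that the Boonty service in the sample is not caught by the owner rule even though the helper asked for it to be removed: such rules narrow the list, they do not replace reading the log.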

Posted: 30 Jun 2007 23:35
by petrk
- Torrent 101 removed
- fixed in HJT per the instructions
- Boonty Games service removed
- used Avenger and the given script
- restart

....Avenger reported some problem to me... see below

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKLM\Software\Microsoft\Windows\C


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jaxissts

*******************


Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.

Could not open script file! Status: 0xc0000034 Abort!

.............................................................................................................................................................

HiJackThis LOG ::

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at Čas: 13:04.45, on 30.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Seznam Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Comodo\Firewall\cpfupdat.exe
C:\Documents and Settings\Uživatel\Plocha\Lukáš\HiJackThis v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Postak\SRank.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam Postak\Postak.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reminder-cor40212.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Do fronty Star Downloaderu - C:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F87A0F9-9AF9-4CD0-8E3B-8C7E8AB78341}: NameServer = 10.100.105.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 9635 bytes

!!! I don't know what this is: sixthchinflag.exe, but the COMODO firewall reported some problem to me in connection with it and with the DNS server on port 53 regarding IE, see the picture below.

Posted: 30 Jun 2007 23:50
by Baron Prášil
C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe

have it checked here
http://scanner.virus.org/

into the Browse box, copy the whole bold text using ctrl+c ctrl+v

post the results here