PLS Kontrola (vir) Vyřešeno

[Darthy]

Prosím o kontrolu logu z HT, eset mi našel vir jenže vždy když to vyčistí tak po restartu se tam objeví znovu takže jsou 2 příciny bud ho neodstraní, nebo se při startu PC vytvoří znovu díky nějakému spuštěnemu programu (C:\WINDOWS\system32\ljJYQgeb.dll)... díky a zde je log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:20, on 16.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\RivaTuner v2.09\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\ljJYQgeb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Program Files\RivaTuner v2.09\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF90FAB0-FBDB-4540-AE93-794350907A79}: NameServer = 192.168.16.1,80.78.144.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljJYQgeb - C:\WINDOWS\SYSTEM32\ljJYQgeb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7350 bytes




\\Edit: Vypínám PC pokud bude potřeba nový scan v HJT tak to upravým a nový log vložím sem...

[Reklama]

[jaro3]

Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Darthy]

ComboFix 08-10-16.08 - Darthy 2008-10-17 16:52:02.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1083 [GMT 2:00]
Spuštěný z: E:\Download\Programy\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dysidglv.exe
C:\WINDOWS\system32\eeppntsh.ini
C:\WINDOWS\system32\hstnppee.dll
C:\WINDOWS\system32\khvatnqs.exe
C:\WINDOWS\system32\ljJYQgeb.dll
C:\WINDOWS\system32\mawjebgw.exe
C:\WINDOWS\system32\nrdcttol.ini
C:\WINDOWS\system32\onXyyyxx.ini
C:\WINDOWS\system32\onXyyyxx.ini2
C:\WINDOWS\system32\qlscdjtu.dll
C:\WINDOWS\system32\Srsvwyay.ini
C:\WINDOWS\system32\Srsvwyay.ini2
C:\WINDOWS\system32\wqhbpcfc.ini
C:\WINDOWS\system32\yaywvsrS.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-17 do 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 23:42 . 2008-10-16 23:42 <DIR> d-------- C:\Program Files\Sun
2008-10-16 23:42 . 2008-10-16 23:41 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-16 22:46 . 2008-10-16 22:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-16 18:52 . 2008-10-16 18:52 <DIR> d-------- C:\Program Files\ESET
2008-10-16 18:52 . 2008-10-16 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-10-13 20:23 . 2008-10-13 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-10-12 00:22 . 2008-10-12 00:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-11 13:23 . 2008-10-11 13:23 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\National Instruments
2008-10-11 13:23 . 2008-10-11 13:23 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\National Instruments
2008-10-11 13:23 . 2008-10-11 13:23 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\National Instruments
2008-10-11 13:18 . 2008-10-11 13:19 <DIR> d-------- C:\Program Files\HI-TECH Software
2008-10-11 13:16 . 2008-10-11 13:16 <DIR> d-------- C:\WINDOWS\system32\cvirte
2008-10-11 13:16 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\National Instruments
2008-10-11 13:16 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-10-11 13:16 . 2008-10-11 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\National Instruments
2008-10-11 13:09 . 2008-10-11 13:09 <DIR> d-------- C:\National Instruments Downloads
2008-10-11 12:20 . 2008-10-11 12:24 <DIR> d-------- C:\Program Files\CircuitMaker 2000
2008-10-07 18:30 . 2008-10-07 22:43 <DIR> d-------- C:\Downloads
2008-09-20 17:38 . 2008-09-20 17:38 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\Canon
2008-09-20 17:38 . 2008-09-20 17:38 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\Canon
2008-09-20 17:38 . 2008-09-20 17:38 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\Canon
2008-09-18 20:02 . 2008-09-18 20:02 <DIR> d-------- C:\Program Files\Free M4a to MP3 Converter
2008-09-18 19:50 . 2008-09-18 19:50 <DIR> d-------- C:\Program Files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:41 --------- d-----w C:\Program Files\Java
2008-10-16 16:58 --------- d-----w C:\Program Files\QIP Infium
2008-10-15 14:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-11 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 15:05 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Audacity
2008-10-05 15:05 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Audacity
2008-10-05 15:05 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Audacity
2008-09-21 19:49 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Skype
2008-09-21 19:49 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Skype
2008-09-21 19:49 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Skype
2008-09-21 14:16 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Hamachi
2008-09-21 14:16 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Hamachi
2008-09-21 14:16 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Hamachi
2008-09-16 17:55 --------- d-----w C:\Program Files\EAGLE-4.09r2
2008-09-08 10:29 --------- d-----w C:\Program Files\Xilisoft
2008-09-06 07:15 --------- d-----w C:\Program Files\Hide IP
2008-09-06 07:06 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\HideIP
2008-09-06 07:06 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\HideIP
2008-09-06 07:06 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\HideIP
2008-09-05 19:25 --------- d-----w C:\Program Files\WinUHA
2008-08-18 13:56 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Dev-Cpp
2008-08-18 13:56 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Dev-Cpp
2008-08-18 13:56 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Dev-Cpp
2008-07-19 09:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 07:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-07-18 07:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Darthy\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Darthy\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Darthy\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-07-29 08:21 506 --sha-w C:\Program Files\USDownloader.exe.manifest
2007-02-08 08:48 133,920 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-16 136600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStatisticsServer"="C:\Program Files\RivaTuner v2.09\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [2008-04-28 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-10-24 368640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-08-10 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= ir32.dll
"msacm.l3acm"= l3codecp.acm
"vidc.hfyu"= huffyuv.dll
"vidc.IV45"= Ir41_qc.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Games\\Black Isle\\Lionheart\\Lionheart.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Games\\MotoGP2\\motogp2.exe"=
"E:\\Download\\Programy\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Games\\VALVe\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 4096]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-16 152984]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\OblivionLauncher.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{041D3DBB-4A78-4EEF-9882-BABA2DFA931a} - C:\WINDOWS\system32\qlscdjtu.dll
BHO-{04473A33-C1CD-4896-A894-F53A3973CB65} - C:\WINDOWS\system32\yaywvsrS.dll
BHO-{FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\ljJYQgeb.dll
ShellExecuteHooks-{FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\ljJYQgeb.dll


.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Darthy\Data aplikací\Mozilla\Firefox\Profiles\uyaxnrqb.default\
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF -: plugin - C:\WINDOWS\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 16:59:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2008-10-17 17:03:41 - počítač byl restartován [Darthy]
ComboFix-quarantined-files.txt 2008-10-17 15:03:38

Před spuštěním: Volných bajtů: 70,109,581,312
Po spuštění: Volných bajtů: 73,975,042,048

207

[jaro3]

Tyhle programy znáš?
C:\Documents and Settings\All Users\Data aplikací\National
C:\National Instruments Downloads

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Darthy]

jj znám ty programy je to na vytváření el. schemat
log:

ComboFix 08-10-16.08 - Darthy 2008-10-17 20:05:46.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1004 [GMT 2:00]
Spuštěný z: E:\Download\Programy\ComboFix.exe
Použité ovládací přepínače :: E:\Download\Programy\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-17 do 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 23:42 . 2008-10-16 23:42 <DIR> d-------- C:\Program Files\Sun
2008-10-16 23:42 . 2008-10-16 23:41 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-16 22:46 . 2008-10-16 22:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-16 18:52 . 2008-10-16 18:52 <DIR> d-------- C:\Program Files\ESET
2008-10-16 18:52 . 2008-10-16 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-10-13 20:23 . 2008-10-13 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-10-12 00:22 . 2008-10-12 00:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-11 13:23 . 2008-10-11 13:23 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\National Instruments
2008-10-11 13:23 . 2008-10-11 13:23 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\National Instruments
2008-10-11 13:23 . 2008-10-11 13:23 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\National Instruments
2008-10-11 13:18 . 2008-10-11 13:19 <DIR> d-------- C:\Program Files\HI-TECH Software
2008-10-11 13:16 . 2008-10-11 13:16 <DIR> d-------- C:\WINDOWS\system32\cvirte
2008-10-11 13:16 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\National Instruments
2008-10-11 13:16 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-10-11 13:16 . 2008-10-11 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\National Instruments
2008-10-11 13:09 . 2008-10-11 13:09 <DIR> d-------- C:\National Instruments Downloads
2008-10-11 12:20 . 2008-10-11 12:24 <DIR> d-------- C:\Program Files\CircuitMaker 2000
2008-10-07 18:30 . 2008-10-07 22:43 <DIR> d-------- C:\Downloads
2008-09-20 17:38 . 2008-09-20 17:38 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\Canon
2008-09-20 17:38 . 2008-09-20 17:38 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\Canon
2008-09-20 17:38 . 2008-09-20 17:38 <DIR> d-------- C:\Documents and Settings\Darthy\Data aplikací\Canon
2008-09-18 20:02 . 2008-09-18 20:02 <DIR> d-------- C:\Program Files\Free M4a to MP3 Converter
2008-09-18 19:50 . 2008-09-18 19:50 <DIR> d-------- C:\Program Files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:41 --------- d-----w C:\Program Files\Java
2008-10-16 16:58 --------- d-----w C:\Program Files\QIP Infium
2008-10-15 14:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-11 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 15:05 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Audacity
2008-10-05 15:05 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Audacity
2008-10-05 15:05 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Audacity
2008-09-21 19:49 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Skype
2008-09-21 19:49 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Skype
2008-09-21 19:49 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Skype
2008-09-21 14:16 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Hamachi
2008-09-21 14:16 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Hamachi
2008-09-21 14:16 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Hamachi
2008-09-16 17:55 --------- d-----w C:\Program Files\EAGLE-4.09r2
2008-09-08 10:29 --------- d-----w C:\Program Files\Xilisoft
2008-09-06 07:15 --------- d-----w C:\Program Files\Hide IP
2008-09-06 07:06 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\HideIP
2008-09-06 07:06 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\HideIP
2008-09-06 07:06 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\HideIP
2008-09-05 19:25 --------- d-----w C:\Program Files\WinUHA
2008-08-18 13:56 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Dev-Cpp
2008-08-18 13:56 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Dev-Cpp
2008-08-18 13:56 --------- d-----w C:\Documents and Settings\Darthy\Data aplikací\Dev-Cpp
2008-07-19 09:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 07:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-07-18 07:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Darthy\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Darthy\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 22,328 ----a-w C:\Documents and Settings\Darthy\Data aplikací\PnkBstrK.sys
2008-07-18 07:41 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-07-29 08:21 506 --sha-w C:\Program Files\USDownloader.exe.manifest
2007-02-08 08:48 133,920 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-16 136600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStatisticsServer"="C:\Program Files\RivaTuner v2.09\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [2008-04-28 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-10-24 368640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-08-10 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= ir32.dll
"msacm.l3acm"= l3codecp.acm
"vidc.hfyu"= huffyuv.dll
"vidc.IV45"= Ir41_qc.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Games\\Black Isle\\Lionheart\\Lionheart.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Games\\MotoGP2\\motogp2.exe"=
"E:\\Download\\Programy\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Games\\VALVe\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 4096]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-16 152984]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\OblivionLauncher.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 20:06:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-17 20:07:09
ComboFix-quarantined-files.txt 2008-10-17 18:07:06
ComboFix2.txt 2008-10-17 17:46:35
ComboFix3.txt 2008-10-17 15:03:42

Před spuštěním: Volných bajtů: 73,930,534,912
Po spuštění: Volných bajtů: 73,921,396,736

154


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:33, on 17.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RivaTuner v2.09\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Program Files\RivaTuner v2.09\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF90FAB0-FBDB-4540-AE93-794350907A79}: NameServer = 192.168.16.1,80.78.144.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7064 bytes

[jaro3]

Omlouvám se , ale zkopíruj znovu CFScript a proveď znova, musel jsem ho nyní opravit..Pak prosím oba logy.

[Darthy]

Jo, logy jsou předělané v tom puvodním...

[jaro3]

jj, logy O.K.
Aktualizuj javu:
Java Runtime Environment (JRE) 6 Update 7
http://java.sun.com/javase/downloads/index.jsp
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u7-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
viewtopic.php?t=5130
a použij i T-Cleaner
http://www.sweb.cz/Marinus/T-Cleaner.bat
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Podej zprávu o chování compu

[Darthy]

No kontroluju esetem PC, ale zatím nic nenasel, to co tu bylo už tu není..ale je vse OK..a ten odkaz na T-Cleaner nejde. Jinak díky

[jaro3]

Není zač, skutečně je stránka momentálně mimo provoz, můžeš dát vyřešeno-fajfku, stačí asi projet CCleanerem.