Problem s pc - Vir Vyřešeno

[sinner85]

Ahoj,

nefunguje bod obnoveni, nelez otevrit spravce uloh,obcas se nenactou stranky ve FF.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05: VIRUS ALERT!, on 19.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Documents and Settings\win\Plocha\Instalace\Devolutions.RemoteDesktopManager.Bin.2.0.0.2\RemoteDesktopManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\win\Plocha\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: rosqxvmn - {BD60E499-C107-4500-B34C-4BA089A6EEC3} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteDesktopManager] C:\Documents and Settings\win\Plocha\Instalace\Devolutions.RemoteDesktopManager.Bin.2.0.0.2\RemoteDesktopManager.exe /Silent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97908A7-2FBB-4444-AD6C-F318EF091F13}: NameServer = 78.24.11.7,78.24.11.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: qrbgltos - {4D88FF05-5F47-41C6-800F-626D4656BCE9} - C:\WINDOWS\qrbgltos.dll
O21 - SSODL: ngwstxfd - {55AC1DCE-B744-4D54-90D4-09FB62767655} - C:\WINDOWS\ngwstxfd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10316 bytes


Prosím o pomoc.

Díky

sinner

► upraveno, aby neporušovalo pravidla PC-Help. eL.

[Reklama]

[jaro3]

Fix v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB

Odinstaluj jeden antivir, asi Aviru.
U NODu vypni rez. ochranu.

Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[sinner85]

Díky za rychlou odpoved.

Problem - link mi nejede ani V IE7 ani ve FF3 :/

Du na uninstall, musim ale do nouzaku, v beznym spusteni OS nemuzu do ovladacich panelu.

Diky

sinner

[jaro3]

Zkus se jakýmkoliv způsobem dostat ComboFix na plochu, z flešky ,cd atd.

[sinner85]

Tak po mensich problemech se nakonec podarilo..

LOG Z ComboFix:

"win" - 2008-10-19 20:32:40 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\win\Plocha\"


((((((((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 ))))))))))))))))))))))))))))))))))


2008-10-19 20:01 74,752 --a------ C:\WINDOWS\system32\cfdjgeyq.dll
2008-10-19 17:27 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2008-10-19 17:27 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ tisk rny
2008-10-19 17:27 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ sˇś
2008-10-19 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Plocha
2008-10-19 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Oblˇben‚ polo§ky
2008-10-19 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dokumenty
2008-10-19 16:09 <DIR> d-------- C:\DOCUME~1\win\DATAAP~1\VirusRemover2008
2008-10-19 15:53 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-10-19 15:53 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2008-10-19 15:53 <DIR> d--hs---- C:\WINDOWS\CSC
2008-10-19 15:53 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2008-10-19 13:59 74,752 --a------ C:\WINDOWS\system32\teysyldk.dll
2008-10-19 13:58 290,991 --ahs---- C:\WINDOWS\system32\pAKRYcfe.ini2
2008-10-19 13:58 261,632 --a------ C:\WINDOWS\system32\efcYRKAp.dll
2008-10-19 13:53 35,328 --a------ C:\WINDOWS\system32\xxyxYpPi.dll
2008-10-19 13:53 35,328 --a------ C:\WINDOWS\system32\vtUmJDuv.dll
2008-10-19 13:53 35,328 --a------ C:\WINDOWS\system32\jkkHXnLd.dll
2008-10-19 13:53 35,328 --a------ C:\WINDOWS\system32\cbXpppND.dll
2008-10-19 13:53 34,176 --a------ C:\WINDOWS\system32\mlJBttSM.dll
2008-10-19 13:53 34,176 --a------ C:\WINDOWS\system32\khfETnlK.dll
2008-10-19 13:52 372,736 --a------ C:\WINDOWS\grfxbanonlm.dll
2008-10-19 13:52 303,104 --a------ C:\WINDOWS\qrbgltos.dll
2008-10-19 13:52 282,624 --a------ C:\WINDOWS\ngwstxfd.dll
2008-10-19 13:52 167,936 --a------ C:\WINDOWS\rosqxvmn.dll
2008-10-19 13:52 126,976 --a------ C:\WINDOWS\epgb.exe
2008-10-19 13:52 102,400 --a------ C:\WINDOWS\lomxeqsn.exe
2008-10-19 13:52 <DIR> d-------- C:\DOCUME~1\win\DATAAP~1\TmpRecentIcons
2008-10-18 16:21 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-18 16:21 <DIR> d-------- C:\Program Files\Diner Dash 2
2008-10-18 16:21 <DIR> d-------- C:\DOCUME~1\win\DATAAP~1\PlayFirst
2008-10-18 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\PlayFirst
2008-10-12 18:32 <DIR> d-------- C:\Screenshots
2008-10-12 18:32 <DIR> d-------- C:\Program Files\Quick Screenshot Maker
2008-09-23 19:59 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-23 19:59 <DIR> d-------- C:\DOCUME~1\win\DATAAP~1\skypePM
2008-09-23 19:57 <DIR> d-------- C:\Program Files\Skype
2008-09-23 19:57 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-23 19:57 <DIR> d-------- C:\DOCUME~1\win\DATAAP~1\Skype
2008-09-23 19:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2008-09-22 19:47 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-09-22 19:47 <DIR> d-------- C:\Program Files\Xvid
2008-09-21 18:35 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-21 18:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\FLEXnet
2008-09-20 15:25 <DIR> d-------- C:\DOCUME~1\win\DATAAP~1\Hewlett-Packard
2008-09-20 15:24 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-09-20 15:22 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2008-09-20 15:22 65,795 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2008-09-20 15:22 61,699 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2008-09-20 15:22 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2008-09-20 15:22 51,024 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-09-20 15:22 233,528 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2008-09-20 15:22 21,456 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-09-20 15:22 167,936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2008-09-20 15:22 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-09-20 15:21 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-20 15:20 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-20 15:19 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-09-20 15:18 20,458 --a------ C:\WINDOWS\hpoins01.dat
2008-09-20 15:18 16,622 --------- C:\WINDOWS\hpomdl01.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-10-19 18:30:57 -------- d-----w C:\Program Files\Steam
2008-10-18 13:59:16 -------- d-----w C:\DOCUME~1\win\DATAAP~1\mIRC
2008-10-18 12:16:27 -------- d-----w C:\Program Files\mIRC
2008-10-17 18:17:57 -------- d-----w C:\DOCUME~1\win\DATAAP~1\dvdcss
2008-10-07 04:55:26 -------- d-----w C:\Program Files\The KMPlayer
2008-09-23 16:44:35 -------- d-----w C:\Program Files\ICQ6
2008-09-21 15:43:57 -------- d-----w C:\Program Files\Dyyno
2008-09-21 15:43:39 -------- d-----w C:\Program Files\D-Fend
2008-09-20 15:56:03 -------- d-----w C:\Program Files\Winamp
2008-09-19 16:30:15 -------- d-----w C:\DOCUME~1\win\DATAAP~1\ICQ
2008-09-18 14:20:59 -------- d-----w C:\DOCUME~1\win\DATAAP~1\vlc
2008-09-18 14:05:27 -------- d-----w C:\Program Files\VideoLAN
2008-09-18 14:00:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-09-18 14:00:42 249,856 ------w C:\WINDOWS\Setup1.exe
2008-09-18 14:00:12 -------- d-----w C:\Program Files\Spit Networks
2008-09-18 13:51:26 -------- d-----w C:\Program Files\Kodek CZ
2008-09-15 19:25:45 -------- d-----w C:\Program Files\DOSBox-0.72
2008-09-15 15:27:55 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 01:52:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 01:52:39 -------- d-----w C:\Program Files\Realtek
2008-09-12 15:48:34 68,736 ----a-w C:\WINDOWS\system32\perfc005.dat
2008-09-12 15:48:34 389,664 ----a-w C:\WINDOWS\system32\perfh005.dat
2008-09-08 10:41:42 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-31 19:27:53 -------- d-----w C:\Program Files\Messenger
2008-08-31 19:25:00 -------- d-----w C:\Program Files\Movie Maker
2008-08-31 19:21:59 -------- d-----w C:\Program Files\Windows NT
2008-08-27 10:06:40 -------- d-----w C:\Program Files\Futuremark
2008-08-27 06:30:48 -------- d-----w C:\DOCUME~1\win\DATAAP~1\dyyno-vlc
2008-08-23 10:36:44 -------- d-----w C:\Program Files\Obsolete


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{159229C1-C44F-42D8-AEC6-09FBFB6375FC}=C:\WINDOWS\system32\xxyxYpPi.dll [2008-10-19 13:53]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 15:54]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
{81FF9400-31B5-4786-9EA9-DD8425658399}=C:\WINDOWS\grfxbanonlm.dll [2008-10-19 09:01]
{D54679DB-27C3-49FB-9354-B2710EA7B6A3}=C:\WINDOWS\system32\efcYRKAp.dll [2008-10-19 13:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16: VIRUS ALERT!]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59: VIRUS ALERT!]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29: VIRUS ALERT!]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24: VIRUS ALERT!]
"@"="" []
"RemoteDesktopManager"="C:\Documents and Settings\win\Plocha\Instalace\Devolutions.RemoteDesktopManager.Bin.2.0.0.2\RemoteDesktopManager.exe" [2007-03-30 21:21: VIRUS ALERT!]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52: VIRUS ALERT!]
"VirusRemover2008"="C:\Program Files\VirusRemover2008\VRM2008.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22: VIRUS ALERT!]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 20:01: VIRUS ALERT!]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07: VIRUS ALERT!]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{159229C1-C44F-42D8-AEC6-09FBFB6375FC}"="C:\WINDOWS\system32\xxyxYpPi.dll" [2008-10-19 13:53: VIRUS ALERT!]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{4D88FF05-5F47-41C6-800F-626D4656BCE9}"="C:\WINDOWS\qrbgltos.dll" [2008-10-19 09:01: VIRUS ALERT!]
"{55AC1DCE-B744-4D54-90D4-09FB62767655}"="C:\WINDOWS\ngwstxfd.dll" [2008-10-19 09:01: VIRUS ALERT!]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxYpPi]
xxyxYpPi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\efcYRKAp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bc2fcc7f]
rundll32.exe "C:\WINDOWS\system32\teysyldk.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


Contents of the 'Scheduled Tasks' folder
2008-09-20 13:25:18 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1221917059.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 20:35:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VirusRemover2008 = C:\Program Files\VirusRemover2008\VRM2008.exe?emporary Internet Files\Content.IE5\QCRRBGUL\VirusRemover2008_Setup_Free_en[1].exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

Completion time: 2008-10-19 20:37:53

--- E O F ---

[jaro3]

Ten log není v pořádku , je tam toho moc, napřed to zkusíme takto:
Stáhni si Malwarebytes' Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe

Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[sinner85]

Ahoj,

povazuj tento thread za vyrizenej.

Nakonec sem musel format. nestalo za to opravovat tak zavirovanej pc.

Diky za pomoc

sinner