Prosim kontrolu logu. mam v PC nakej shit.

[hadic]

Cau, prosim o kontrolu logu - v procesech mam strasne moc cmd.exe a services.exe - to bude urcite nakej bordel pac to services nejde vypnout a cim dyl mam PC zaplej tim toho tam je vic... AVG nemuzu nainstalovat, ovladac na lightscribe se mi nepodaril nainstalovat a obcas blbne bluesoleil.exe - procistil jsem to v ccleaneru ale nic...

Logfile of HijackThis v1.99.1
Scan saved at 16:32:34, on 21.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\uzivatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [jraygcwp.exe] C:\WINDOWS\jraygcwp.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A091EFBB-D800-4A6A-87C8-E98D764C5AFF}: NameServer = 192.168.124.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Reklama]

[jaro3]

Zastav procesech:
C:\WINDOWS\jraygcwp.exe
a následně smaž.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[hadic]

Ten proces co sem mel vypnout tak v procesech nebyl, tak sem ho ve win smazal a presel k tomu scanovani, tady je log:

Malwarebytes' Anti-Malware 1.31
Verze databáze: 1528
Windows 5.1.2600 Service Pack 2

21.12.2008 19:43:30
mbam-log-2008-12-21 (19-43-17).txt

Typ skenu: Rychlý sken
Objektu skenováno: 40889
Uplynulý cas: 7 minute(s), 5 second(s)

Infikované procesy pameti: 1
Infikované pametové moduly: 1
Infikované klíce registru: 4
Infikované hodnoty registru: 4
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 25

Infikované procesy pameti:
C:\WINDOWS\services.exe (Backdoor.ProRat) -> No action taken.

Infikované pametové moduly:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winci05 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winci05 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winci05 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> No action taken.

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\drivers\Winci05.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN13.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN14.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN16.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN18.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN19.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN1A.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN1C.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN1D.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN1E.tmp (Trojan.Agent) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log + nový log z HJT.

[hadic]

Malwarebytes' Anti-Malware 1.31
Verze databáze: 1528
Windows 5.1.2600 Service Pack 2

21.12.2008 20:53:43
mbam-log-2008-12-21 (20-53-43).txt

Typ skenu: Rychlý sken
Objektu skenováno: 41000
Uplynulý cas: 9 minute(s), 1 second(s)

Infikované procesy pameti: 1
Infikované pametové moduly: 1
Infikované klíce registru: 4
Infikované hodnoty registru: 4
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 25

Infikované procesy pameti:
C:\WINDOWS\services.exe (Backdoor.ProRat) -> Unloaded process successfully.

Infikované pametové moduly:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winci05 (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winci05 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winci05 (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\Winci05.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

a hjt dam po restartu

[hadic]

Tak prvni problem byl vyresen. diky ale druhej nastal myslim ze jeste zavaznejsi nez ten spyware totiz... udelal jsem ten test, vsechno smazal, postnul ten log, pak jsem udelal HJT log jeste pred restartem, restartnul PC a ted to zaclo - udelal jsem v klidu dalsi log a pri zapnuti mozily se PC samovolne restartoval. Rikam si nahoda pac se mi jednou za cas PC restartuje. pak znova pri zapinani mozily. rikam mrte nahoda... a kdyz se to stalo jeste 2x tak jsem musel pouzit IE abych se dostal vubec na internet tady mas teda dva logy pred restartem a po.

Logfile of HijackThis v1.99.1
Scan saved at 20:55:49, on 21.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\uzivatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [jraygcwp.exe] C:\WINDOWS\jraygcwp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A091EFBB-D800-4A6A-87C8-E98D764C5AFF}: NameServer = 192.168.124.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
______________________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 21:12:44, on 21.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\uzivatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [jraygcwp.exe] C:\WINDOWS\jraygcwp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A091EFBB-D800-4A6A-87C8-E98D764C5AFF}: NameServer = 192.168.124.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[jaro3]

AVG musíme napřed odstranit , pak ho můžeš nainstalovat znovu.
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[hadic]

SDFix: Version 1.240
Run by uzivatel on ne 21.12.2008 at 22:02

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\WINCI05.sys - Rootkit Pandex/Cutwail - Runtime.sys

Name :
WINCI05

Path :
System32\Drivers\Winci05.sys

WINCI05 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service WINCI05 - Deleted after Reboot

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\update.exe - Deleted
C:\WINDOWS\system32\drivers\WINCI05.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 22:14:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 15 Dec 2008 24,576 A..H. --- "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil__.exe"
Mon 15 Dec 2008 661,776 A..H. --- "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"

Finished!
_________________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 22:31:23, on 21.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\uzivatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [jraygcwp.exe] C:\WINDOWS\jraygcwp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A091EFBB-D800-4A6A-87C8-E98D764C5AFF}: NameServer = 192.168.124.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


Vsechno vypada uz pekne, dobre i mozila uz vali Diky... nebo je tam jeste nakej bordel?

[jaro3]

Najdi a smaž: C:\SDFix

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[hadic]

Zadnej log neudelal... Udelal ci na C: slozku ale tam je plno souboru ale zadnej log

[jaro3]

Provedl se sken? Měl být tady a (zvlášť od Combofixu): C:\ComboFix.txt

[hadic]

To nevim... zapnul jsem to, chvilku na to cumel, poklikal sem tam Xkrat ano (pak se nainstalovala naka ochrana) a pak to dloouho neco dalo asi ten scan. pak reset a to je vsechno. v cecku se mi objevila jak rikam slozka s tim programem ale log nikde. pak sem to udelal teda jeste jednou, to uz sem na zadny ano neklikal a bezelo to furt samo ale stale zadnej log

uploadnul sem ti celou tu slozku, treba tam bude co hledas :-) http://uloz.to/1078795/ComboFix.rar

jooo a uz mi zas mozila resetuje PC