Opet Virus protector Vyřešeno

[Frutigo]

mala prestavka na obed :)

[Reklama]

[alenka_v_říši_divů]

Pokud je ctfmon ve složce system32, tak můžeš nechat... ty ostatní zakaž.

[Frutigo]

jasně

[Frutigo]

nepomohlo

[alenka_v_říši_divů]

Jo jo, to se dalo čekat... on je zažranej všude možně...
Takže by to chtělo ucelenej čistej postup, než jen takový troškaření :)
Takže ten HJT...

[Frutigo]

ok jdu na to :)

[Frutigo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:21, on 13.3.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 85.119.217.111:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: Shell=C:\WINDOWS\System32\a79oCE.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - d:\Program Files\Morpheus Music\Plugins\RazaWebHook.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA216] command.com /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC625] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3575] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3895] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\RunOnce: [SpybotDeletingB2354] command.com /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1282] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4688] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5130] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingB2354] command.com /c del "C:\WINDOWS\system32\lowsec\local.ds" (User '?')
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingD1282] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds" (User '?')
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingB4688] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds" (User '?')
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingD5130] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with &Shareaza - res://d:\Program Files\Morpheus Music\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: aMLkvhrxw.dll
O21 - SSODL: LGootkitSSO - {A187B921-B404-417E-A5C9-005B541D7D6E} - C:\WINDOWS\System32\lmsxsltsso.dll
O21 - SSODL: GootkitSSO - {FC7ACAF0-3992-4553-87A0-DC26733195BD} - C:\WINDOWS\System32\msxsltsso.dll

--
End of file - 5997 bytes

[alenka_v_říši_divů]

Restartoval si PC po projetí spybotem?

Takže odpoj se od netu /asi si že? a fixni:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 85.119.217.111:1080
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=C:\WINDOWS\System32\a79oCE.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - AppInit_DLLs: aMLkvhrxw.dll
O21 - SSODL: LGootkitSSO - {A187B921-B404-417E-A5C9-005B541D7D6E} - C:\WINDOWS\System32\lmsxsltsso.dll
O21 - SSODL: GootkitSSO - {FC7ACAF0-3992-4553-87A0-DC26733195BD} - C:\WINDOWS\System32\msxsltsso.dll

Toolbary a zbytek se dočistí potom... jak fixneš tak restartuj a jdi do NR se sítí.

Vlož novej HJT log, a zkus aktualizovat databázi MBAMu a provést rychlej scan, log z něj připoj.
Internet by už měl fungovat.

[Frutigo]

jo projel ale jel sem rovnou do win a tam se toho ujal virus protector

[Frutigo]

parada dostal jsem se do NR se siti

[Frutigo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:23, on 13.3.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - d:\Program Files\Morpheus Music\Plugins\RazaWebHook.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA216] command.com /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC625] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3575] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3895] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\RunOnce: [SpybotDeletingB2354] command.com /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1282] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4688] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5130] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingB2354] command.com /c del "C:\WINDOWS\system32\lowsec\local.ds" (User '?')
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingD1282] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds" (User '?')
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingB4688] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds" (User '?')
O4 - HKUS\S-1-5-21-1229272821-926492609-839522115-1003\..\RunOnce: [SpybotDeletingD5130] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with &Shareaza - res://d:\Program Files\Morpheus Music\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 5312 bytes

[Frutigo]

ted jdu na mbam