Hello,
balloon notifications keep popping up with 'Security Alert: NetWorm-i.Virus@fp', 'System Alert: Trojan-Spy.win32@mx' and others, telling me to double-click them and download some software, but every time the page tries to open, NOD pops up and I terminate the connection. About once every five minutes a window pops up saying that an infiltration was found, and I delete some newly created files from Favorites and from Temporary Internet Files. A new toolbar, Securyty Toolbar 7.1, has appeared in Internet Explorer. I did not install any such thing, or at least I am not aware of it.
Here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:42, on 15.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\ICQ6\ICQ.exe
c:\progra~1\mozill~1\firefox.exe
C:\Documents and Settings\Brumteles\Plocha\HiJackThis.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=54036 ... .zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - http://games.icq.com/online/online2/pir ... 0.0.32.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - http://games.icq.com/online/online2/mah ... uncher.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///F:/tapety/tapeta12.jpg
--
End of file - 7085 bytes
Will someone please help me? (Solved)
- Brumteles68
Last edited by Brumteles68 on 20 Feb 2008 09:44; edited 1 time in total.
- Baron Prášil
welcome to the PC-HELP forum
and don't worry, we will help you
(if only to protect the other internet users)
first go to the Spybot settings and turn off its shields
Mode > Advanced mode > Tools > Resident (Režim > Pro pokročilé > Nástroje > Rezidentní)
fix
in the HJT program window, tick the boxes on the left of the items I list below and then click Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
then go to Control Panel and in Add/Remove Programs try to find and uninstall
ShoppingReport
NetProject
whether that succeeds or not, restart and post a new log from HijackThis

Please do not follow my advice for now. I am learning HiJackThis and only just find my way around it. My post is a question for the other users, not an answer to your problem.
So I looked through the log and I see a problem in
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
It is certainly junk that has no business being on the PC. So should he fix it? Thanks for the answer!
Edit: I also judge so from this address, which HJT gives in the description: http://vil.mcafeesecurity.com/vil/content/v_133312.htm; going by the part of the URL that contains "security", I am 80% sure this is the problem.

- Brumteles68
Thanks for the advice. I had already uninstalled Spybot in the meantime. Then I continued according to your instructions. I did not find Shopping Report in that list, nor Netproject. I am sending the next log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:07, on 15.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\NetProject\scit.exe
C:\Documents and Settings\Brumteles\Plocha\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=54036 ... .zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - http://games.icq.com/online/online2/pir ... 0.0.32.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - http://games.icq.com/online/online2/mah ... uncher.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///F:/tapety/tapeta12.jpg
--
End of file - 5955 bytes
Thanks for now!!!!
- Baron Prášil
to Deadman: do this to fredik and you will live up to your nickname
sorry, this is not the HijackThis Tutorial Game section.
and as for the log: I rather expected that it would not let go easily.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, which will be displayed to you; otherwise you will find it here: C:\ComboFix.txt. Please copy its entire contents here, plus a new log from HijackThis
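Added example, not part of the original thread: a Python check of which entries ticked for Fix checked are gone from the follow-up log and which persist, flagging persisting entries whose file is still listed under Running processes. The function names are assumptions made here; the sample lines are excerpted from the two logs posted above.

```python
import re

# HijackThis entry lines look like "O4 - ...": section letter, number, " - ", details.
_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Status notes HijackThis appends when the target file is gone; ignored when matching.
_STATUS = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.I)
_PROC = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)


def entry_key(line):
    """Normalise one log line to a comparison key, or None if it is not an entry."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return m.group(1) + " - " + _STATUS.sub("", m.group(2)).rstrip()


def parse_entries(log_text):
    """Map normalised key -> original line for every R/O entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key:
            entries[key] = line.strip()
    return entries


def running_processes(log_text):
    """Lower-cased executable paths from the 'Running processes' listing."""
    return {l.strip().lower() for l in log_text.splitlines() if _PROC.match(l.strip())}


def verify_fixes(selected_lines, after_log):
    """Split the entries selected for fixing into removed and persisting ones.

    Each persisting item is (line as it appears in the follow-up log, live), where
    live means the entry's file is still among the running processes.
    """
    after = parse_entries(after_log)
    running = running_processes(after_log)
    report = {"removed": [], "persisting": []}
    for line in selected_lines:
        key = entry_key(line)
        if key is None:
            continue
        if key in after:
            path = _PATH.search(key)
            live = bool(path) and path.group(0).lower() in running
            report["persisting"].append((after[key], live))
        else:
            report["removed"].append(line.strip())
    return report


# The nine entries the helper asked to tick (copied from the thread).
SELECTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
""".strip().splitlines()

# Excerpt of the follow-up log (scan saved at 21:23:07), shortened for the example.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scit.exe
C:\Documents and Settings\Brumteles\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
"""

if __name__ == "__main__":
    result = verify_fixes(SELECTED, AFTER_LOG)
    print("removed:", len(result["removed"]))
    for line, live in result["persisting"]:
        print("PERSISTS" + (" (process running)" if live else ""), "-", line)
```

An entry that persists while its file is still running points to something re-creating the autostart value, which is why a second tool is brought in at this point in the thread.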

- Brumteles68
I am sending you the data.
ComboFix 08-02-16.2 - Brumteles 2008-02-16 0:13:25.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.243 [GMT 1:00]
Running from: C:\Documents and Settings\Brumteles\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Brumteles\Data aplikací\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\PELoader.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.
2008-02-16 00:10 . 2004-08-17 15:49 782,848 --a------ C:\kmd.exe
2008-02-15 19:36 . 2008-02-13 13:22 <DIR> d-------- C:\SDFix
2008-02-15 18:12 . 2008-02-15 18:13 <DIR> d-------- C:\Program Files\ICQ6
2008-02-15 17:35 . 2008-02-15 18:00 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-02-15 17:24 . 2008-02-15 17:24 <DIR> d-------- C:\Documents and Settings\Brumteles\Data aplikací\WinPatrol
2008-02-15 13:00 . 2006-06-27 05:40 12,800 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-02-15 13:00 . 2006-06-27 05:40 3,584 -----c--- C:\WINDOWS\system32\dllcache\WgaLogon.dll
2008-02-14 16:42 . 2008-02-15 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-14 11:57 . 2008-02-14 11:57 <DIR> d-------- C:\Documents and Settings\Brumteles\Data aplikací\ESET
2008-02-14 11:55 . 2008-02-14 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-14 10:15 . 2008-02-14 10:15 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-14 10:15 . 2008-02-14 10:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-02-14 10:15 . 2008-02-14 10:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-02-14 10:15 . 2008-02-14 10:15 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-02-14 10:15 . 2008-02-14 10:15 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-02-14 10:15 . 2008-02-14 10:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-14 10:13 . 2008-02-14 10:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-02-14 10:13 . 2008-02-14 10:14 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-02-12 15:02 . 2008-02-15 20:48 <DIR> d-------- C:\Program Files\NetProject
2008-02-08 13:39 . 2008-02-08 13:39 <DIR> d-------- C:\Program Files\Nero
2008-02-08 13:17 . 2008-02-08 13:17 <DIR> d-------- C:\Program Files\ROUTE66
2008-02-07 15:41 . 2008-02-12 18:15 1,433 --a------ C:\WINDOWS\SysMech6.INI
2008-02-07 15:39 . 2006-12-20 12:39 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-02-07 15:39 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-02-07 15:39 . 2005-09-12 13:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-02-07 15:38 . 2008-02-07 15:38 <DIR> d-------- C:\Program Files\iolo
2008-02-07 13:38 . 2008-02-07 14:21 16,384 --a------ C:\WINDOWS\WLU.exe
2008-02-02 16:29 . 2008-02-02 16:29 <DIR> d-------- C:\Program Files\Rockstar Games
2008-01-28 16:27 . 2008-02-01 17:57 1,165 --a------ C:\Hardware.ini
2008-01-26 13:28 . 2008-01-26 17:54 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-01-26 13:28 . 2008-01-26 13:28 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-25 19:28 . 2008-02-16 00:14 <DIR> dr-h----- C:\Documents and Settings\Brumteles\Data aplikací
2008-01-25 14:20 . 2008-02-15 17:35 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-01-25 14:15 . 2008-01-25 14:15 <DIR> d-------- C:\Documents and Settings\Brumteles\Data aplikací\Nero
2008-01-25 14:13 . 2008-02-08 13:33 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-25 14:13 . 2008-02-08 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-01-24 19:41 . 2008-01-26 17:54 6,144 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-21 18:51 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-21 18:51 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 17:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-15 17:07 --------- d-----w C:\Program Files\FlashGet
2008-02-14 10:59 --------- d-----w C:\Program Files\ESET
2008-02-14 09:20 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-11 19:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-02-08 12:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 14:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\iolo
2008-02-07 12:32 --------- d-----w C:\Program Files\Nival Interactive
2008-02-07 12:31 --------- d-----w C:\Program Files\Winamp
2008-02-01 16:45 921,632 ----a-w C:\PA7311.DAT
2008-01-28 15:38 --------- d-----w C:\Program Files\princ of perzia
2008-01-26 13:23 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-01-26 12:22 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\Lavasoft
2008-01-22 16:17 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\Skype
2008-01-18 21:38 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\Nokia Multimedia Player
2008-01-11 10:07 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\Nokia
2008-01-10 20:29 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-08 20:50 --------- d-----w C:\Program Files\Network Stumbler
2008-01-07 10:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\AXA
2007-12-27 14:56 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\InstallShield
2007-12-27 11:02 --------- d-----w C:\Program Files\Phenix-Q8
2007-12-27 11:02 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-12-26 18:53 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\ICQ
2007-12-24 13:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-23 21:02 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\CyberLink
2007-12-23 21:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-12-23 20:11 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\iolo
2007-12-23 20:07 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2007-12-23 20:07 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\iolo
2007-12-21 07:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-19 14:00 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-12-19 12:52 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\Ulead Systems
2007-12-19 12:48 --------- d-----w C:\Program Files\Intel
2007-12-19 12:45 --------- d-----w C:\Program Files\Windows Media Components
2007-12-19 12:45 --------- d-----w C:\Program Files\Ulead Systems
2007-12-19 12:45 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-12-19 12:45 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
2007-12-18 19:57 --------- d-----w C:\Program Files\TV JOJ Media Player
2007-12-18 19:57 --------- d-----w C:\Documents and Settings\Brumteles\Data aplikací\TV JOJ Media Player
2007-12-17 16:43 --------- d-----w C:\Program Files\Java
2007-12-17 16:42 --------- d-----w C:\Program Files\Common Files\Java
2007-12-01 11:48 47,771 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-01 11:48 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-01 10:56 558,142 ----a-w C:\WINDOWS\java\Packages\KC4M2VP7.ZIP
2007-12-01 10:56 155,995 ----a-w C:\WINDOWS\java\Packages\DN9BVDNR.ZIP
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-22 03:54 5898240]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2005-06-30 07:03 200704]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2005-07-04 06:29 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 13:21 278528]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 21:10 1667584]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
C:\Documents and Settings\Brumteles\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 14:56:00 1826885]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"= C:\Program Files\NetProject\scit.exe
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{707BCC8A-C439-2AEC-16F9-8BE0AC0894BA}]
C:\WINDOWS\WLU.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 00:14:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-16 0:14:41
ComboFix-quarantined-files.txt 2008-02-15 23:14:33
.
2008-01-03 12:18:00 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:18:00, on 16.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brumteles\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=54036 ... .zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\5913\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - http://games.icq.com/online/online2/pir ... 0.0.32.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - http://games.icq.com/online/online2/mah ... uncher.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///F:/tapety/tapeta12.jpg
--
End of file - 5205 bytes
- Baron Prášil
End these in Task Manager:
scit.exe
scm.exe
Fix:
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it:
File::
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\system32\smrgdf.exe
C:\WINDOWS\iun6002.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + restart, and a new HijackThis log and info about the behaviour
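A triage sketch for the check behind the reply above, added here as an example (not code from the thread, HijackThis or ComboFix): it parses a HijackThis log, picks out O4 autostart values stored under Policies\Explorer\Run, and lists the running processes that share the target's folder. The function names and the choice to flag that key are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
"""

# "O4 - <key>: [<value name>] <command line>" (registry autostarts only;
# "O4 - Startup:" shortcut lines have no [name] and are skipped).
O4_REG = re.compile(r'^O4 - (?P<key>[^:\[]+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$')
# First executable in a command line: quoted path, or text up to a known extension.
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)', re.I)
# Any HijackThis entry line, e.g. "R0 - ", "O4 - ", "O23 - ".
ENTRY = re.compile(r'^[A-Z]\d+ - ')


def parse_log(text):
    """Return (running process paths, O4 registry autostart entries)."""
    processes, autostarts, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY.match(line):
            in_procs = False  # process list ends at the first entry line
            m = O4_REG.match(line)
            if m:
                autostarts.append(m.groupdict())
        elif in_procs and line:
            processes.append(line)
    return processes, autostarts


def target_path(cmd):
    """Extract the executable path from an autostart command line."""
    m = EXE.match(cmd)
    return (m.group(1) or m.group(2)) if m else None


def triage(text):
    """Flag Policies\\Explorer\\Run autostarts and same-folder running processes.

    Flagging this key is a review heuristic (assumption), not a verdict:
    each hit still has to be checked by a person.
    """
    processes, autostarts = parse_log(text)
    findings = []
    for entry in autostarts:
        if not entry["key"].lower().endswith(r"policies\explorer\run"):
            continue
        target = target_path(entry["cmd"])
        folder = ntpath.normcase(ntpath.dirname(target)) if target else None
        running = [p for p in processes
                   if folder and ntpath.normcase(ntpath.dirname(p)) == folder]
        findings.append({"key": entry["key"], "value": entry["value"],
                         "target": target, "running_in_folder": running})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['key']} [{f['value']}] -> {f['target']}")
        for proc in f["running_in_folder"]:
            print(f"  running from same folder: {proc}")
```
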