Please help.
Some spyware got onto my PC, or at least that's what I was told.
I installed ComboFix and HijackThis and they produced these reports:
COMBOFIX:
ComboFix 08-05-20.5 - Pocitac 2008-05-21 19:11:19.1 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.575 [GMT 2:00]
Running from: C:\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\Pocitac\Favorites\Online Security Test.url
C:\Documents and Settings\Pocitac\Start Menu\XP Antivirus 2008
C:\Documents and Settings\Pocitac\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
C:\Documents and Settings\Pocitac\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
C:\Program Files\NetProject
C:\Program Files\NetProject\myd.ico
C:\Program Files\NetProject\mym.ico
C:\Program Files\NetProject\myp.ico
C:\Program Files\NetProject\myv.ico
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe
C:\Program Files\VirusHeat 4.4
C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe
C:\Program Files\VirusHeat 4.4\vpp.ini
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe
C:\WINDOWS\system32\443059\443059.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-05-20 22:15 . 2008-05-20 22:15 77,613 --a------ C:\WINDOWS\system32\scui.cpl
2008-05-20 21:56 . 2008-05-20 21:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 20:30 . 2008-05-20 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-20 20:28 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-20 20:28 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-20 20:28 . 2008-05-20 20:28 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-20 20:28 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-20 20:28 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-20 20:28 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-20 20:28 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-20 20:28 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-20 20:28 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-20 14:45 . 2008-05-20 14:45 <DIR> d-------- C:\Program Files\MalwareWar 7.3
2008-05-20 14:23 . 2008-05-21 19:13 <DIR> d-------- C:\WINDOWS\system32\443059
2008-05-20 14:23 . 2008-05-21 19:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 21:35 . 2008-05-19 21:35 0 --a------ C:\WINDOWS\Title.INI
2008-05-19 21:32 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2008-05-19 21:32 . 2004-08-03 23:10 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
2008-05-19 21:32 . 2004-08-04 00:56 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-05-19 21:32 . 2004-08-04 00:56 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-05-19 21:30 . 2008-05-19 21:42 28 --a------ C:\WINDOWS\MotionDVSTUDIO.INI
2008-05-19 21:29 . 2008-05-19 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Panasonic
2008-05-19 21:19 . 2008-05-19 21:19 <DIR> d-------- C:\Program Files\Panasonic
2008-05-19 21:19 . 2008-05-19 21:19 <DIR> d-------- C:\Program Files\Common Files\Panasonic
2008-05-19 21:19 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-19 21:19 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-19 21:19 . 2004-09-16 12:19 253,952 --a------ C:\WINDOWS\system32\PCodec.dll
2008-05-19 21:19 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-19 21:19 . 2000-11-21 14:53 215,552 --------- C:\WINDOWS\system32\pdvcodec.dll
2008-05-19 21:19 . 2004-09-16 12:19 77,824 --a------ C:\WINDOWS\system32\PAvFilt.dll
2008-05-19 21:19 . 2004-09-16 12:19 36,864 --a------ C:\WINDOWS\system32\DvWrite.dll
2008-05-19 21:19 . 2004-09-16 12:19 36,864 --a------ C:\WINDOWS\system32\DvRead.dll
2008-05-04 23:24 . 2008-05-12 18:08 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-05-04 23:24 . 2008-05-12 18:08 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-29 22:23 . 2008-04-29 22:23 <DIR> d-------- C:\WINDOWS\PixArt
2008-04-29 22:11 . 2008-04-29 22:11 <DIR> d-------- C:\Program Files\ArcSoft
2008-04-29 22:11 . 2005-04-27 16:36 245,408 -ra------ C:\WINDOWS\system32\unicows.dll
2008-04-29 22:04 . 2008-04-29 22:04 <DIR> d-------- C:\Program Files\PC Camera
2008-04-29 22:04 . 2008-04-29 22:04 <DIR> d-------- C:\Program Files\Common Files\PXIINST64
2008-04-29 22:04 . 2008-04-29 22:04 <DIR> d-------- C:\Program Files\Common Files\PXIINST
2008-04-29 22:04 . 2008-04-29 22:04 <DIR> d-------- C:\Program Files\Common Files\PAC7311
2008-04-29 21:46 . 2008-04-29 21:46 <DIR> d-------- C:\Documents and Settings\Pocitac\Application Data\ArcSoft
2008-04-29 21:43 . 2008-04-29 21:43 <DIR> d-------- C:\WINDOWS\Cache
2008-04-29 21:41 . 2008-04-29 21:41 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-29 21:41 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-04-29 21:40 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-29 21:35 . 2008-04-29 22:04 <DIR> d-------- C:\WINDOWS\PAC7311
2008-04-29 21:35 . 2008-04-29 21:35 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-22 20:45 . 2008-04-22 20:48 <DIR> d-------- C:\Program Files\ubi.com
2008-04-22 20:45 . 2008-04-22 20:45 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-04-22 20:45 . 2008-04-22 20:45 <DIR> d-------- C:\Documents and Settings\Pocitac\Application Data\ubi.com
2008-04-22 20:45 . 2001-07-30 18:03 185,344 --a------ C:\WINDOWS\patchw32.dll
2008-04-22 20:34 . 2008-05-20 20:16 <DIR> d-------- C:\Program Files\Ubisoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 17:15 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\Skype
2008-05-21 17:14 --------- d-----w C:\Program Files\lg_fwupdate
2008-05-21 17:10 1,819,961 ----a-w C:\ComboFix.exe
2008-05-21 17:07 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\skypePM
2008-05-20 18:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-20 18:29 22,328 ----a-w C:\Documents and Settings\Pocitac\Application Data\PnkBstrK.sys
2008-05-20 18:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-20 18:28 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-20 18:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 11:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 20:39 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-05-19 19:50 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\TransRender
2008-05-19 19:46 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\Temporary
2008-05-19 19:32 13,312 --s-a-w C:\WINDOWS\system32\rtmipr.dll
2008-05-04 18:04 --------- d-----w C:\Program Files\Google
2008-05-01 07:02 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\LimeWire
2008-04-19 22:00 --------- d-----w C:\Program Files\DOSBox-0.72
2008-04-14 19:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-04 11:12 --------- d-----w C:\Program Files\P2P_Energy
2008-04-04 11:12 --------- d-----w C:\Program Files\Conduit
2008-04-03 18:41 --------- d-----w C:\Program Files\ICQToolbar
2008-04-02 17:51 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\ICQ Toolbar
2008-04-02 17:44 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\ICQ
2008-04-01 17:39 --------- d-----w C:\Program Files\LimeWire
2008-03-27 12:20 --------- d-----w C:\Program Files\LimeWire Music
2008-03-27 12:19 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\LimeWire Music
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 19:53 --------- d-----w C:\Program Files\Java
2008-03-26 17:37 --------- d-----w C:\Program Files\Common Files\Java
2008-03-25 21:49 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\Samsung
2008-03-25 21:49 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\ConvertTemp
2008-03-25 17:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-25 17:49 --------- d-----w C:\Program Files\Skype
2008-03-25 17:49 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-25 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-22 11:07 --------- d-----w C:\Documents and Settings\Pocitac\Application Data\CyberLink
2008-03-22 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-22 10:55 --------- d-----w C:\Program Files\CyberLink
2008-03-22 10:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 10:51 --------- d-----w C:\Program Files\Nero
2008-03-22 10:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 21:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"PowerDVD"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 22:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 11:03 380928]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-03-25 20:30 249856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [2006-11-03 11:01 319488]
"MalwareWar 7.3"="C:\Program Files\MalwareWar 7.3\MalwareWar 7.3.exe" [2008-04-24 10:44 2273280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"= C:\WINDOWS\system32\rtmipr.dll [2008-05-19 21:32 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
R3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2006-11-08 09:59]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 14:00]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 19:15:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-21 19:17:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 17:17:11
Pre-Run: 135,330,443,264 bytes free
Post-Run: 136,736,161,792 bytes free
234 --- E O F --- 2008-05-20 11:25:52
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:11, on 21.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MalwareWar 7.3\MalwareWar 7.3.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [MalwareWar 7.3] "C:\Program Files\MalwareWar 7.3\MalwareWar 7.3.exe" /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerDVD] "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5307570937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 8097 bytes
Complete beginner. Please
- zlobyl
Re: Complete beginner. Please
Hi, welcome to PC-Help.
Use KillBox to delete this file:
C:\WINDOWS\system32\rtmipr.dll
After the restart, post a new HJT log here.
Please excuse my frequent absence from the forum. Unfortunately, there are things a person cannot influence, so I don't have much time to get here. I will try to be here whenever possible, but I can't guarantee anything. I'm sorry.