Hi, I'd appreciate advice on how to get rid of the sucker.exe junk; it hogs processes and slows things down. I tried to delete it, but it won't go (access denied). NOD32 doesn't see it, and neither does SWDoctor... I would delete it in safe mode, but that doesn't work...
Have a look at the log; I only just downloaded HijackThis, so I don't know how to work with it.
Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 14:12:53, on 7.8.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Programy\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\sucker.exe
C:\WINDOWS\System32\sucker.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Programy\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\mssvcc.exe
C:\WINDOWS\System32\mssecure.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Programy\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\Spyware Doctor\swdoctor.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\totalcmd\TOTALCMD.EXE
D:\Programy\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {5C12E81F-23AD-7725-8E7B-2C27B3E1E2CB} - C:\WINDOWS\System32\qkfpedk.dll
R3 - URLSearchHook: (no name) - {693FD81F-0E9E-4211-A34B-1C0A83D1CFFB} - C:\WINDOWS\System32\qkfpedk.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programy\Acrobat 6.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programy\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programy\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [Win Services] Srv32.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Task Manager] tasks.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [Microsoft Task Manager] tasks.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Rosh] "C:\Program Files\brbs\tscs.exe" -vt yazb
O4 - HKCU\..\Run: [Hxmsegk] C:\Documents and Settings\Petr.VACEK-UW3FPKU9C\Dokumenty\?asks\n?tepad.exe
O4 - HKCU\..\Run: [newm] C:\WINDOWS\system32\newm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programy\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Programy\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... d8b7105add
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B15C88A-6F03-420B-974B-1ADCD20C5002}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programy\Spyware Doctor\sdhelp.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
O23 - Service: winconnew - Unknown owner - C:\WINDOWS\system32\newm.exe (file missing)
O23 - Service: Windows Internet Services - Unknown owner - C:\WINDOWS\eltsass.exe (file missing)
O23 - Service: Windows System Tray - Unknown owner - C:\WINDOWS\systay.exe (file missing)
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
Asking for advice - sucker.exe
- senter
- Newbie

- Registered: 07 Aug 2006
- hlupak
- Moderately advanced

- Registered: 08 Aug 2005
- Location: St.Albans United Kingdom
OK.
www.hijackthis.de
Copy everything you posted here, paste it into the box there, click Analyze, and you'll see.
Otherwise,
DELETE them directly in the HijackThis table (on your PC: when you start it, it shows you a table, and each item has a box you can tick). Tick these:
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Microsoft Task Manager] tasks.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Microsoft Task Manager] tasks.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [Win Services] Srv32.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
This too, if you don't know what it is
R3 - URLSearchHook: (no name) - {693FD81F-0E9E-4211-A34B-1C0A83D1CFFB} - C:\WINDOWS\System32\qkfpedk.dll
R3 - URLSearchHook: (no name) - {5C12E81F-23AD-7725-8E7B-2C27B3E1E2CB} - C:\WINDOWS\System32\qkfpedk.dll
O4 - HKCU\..\Run: [newm] C:\WINDOWS\system32\newm.exe
O4 - HKCU\..\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... cca2f7b1a2 2fafa85e7053a7fd2e22f129a5df6f3e3385895924c6f2b93224bbef060365d69fe4efa9f9227798 c1b7fe11dfa7cbf3ebf91c63e77c5c:e57b0d0bfc854fd9ac8339d8b7105add
O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
O23 - Service: winconnew - Unknown owner - C:\WINDOWS\system32\newm.exe (file missing)
O23 - Service: Windows Internet Services - Unknown owner - C:\WINDOWS\eltsass.exe (file missing)
O23 - Service: Windows System Tray - Unknown owner - C:\WINDOWS\systay.exe (file missing)
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
Tick them and click FIX.
Then try running HijackThis again and try submitting the log to that page yourself to see whether anything shows up.
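As an added example (not part of either post, and not code from HijackThis or hijackthis.de), here is a small Python triage pass over a few lines copied from the log above. The three heuristics are assumptions chosen for illustration: an autostart command with no path, the same value name registered under several autostart keys, and a service whose binary is missing.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Windows System Tray - Unknown owner - C:\WINDOWS\systay.exe (file missing)
"""

# Line shapes inferred from the log above (assumption, not a format specification).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

def triage(log_text):
    """Return {log line: [reasons]} for entries that deserve a manual look."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    keys_by_name = defaultdict(set)   # value name -> autostart keys that carry it
    for line in lines:
        m = O4_RE.match(line)
        if m:
            keys_by_name[m.group(3)].add((m.group(1), m.group(2)))
    findings = defaultdict(list)
    for line in lines:
        m = O4_RE.match(line)
        if m:
            _, _, name, cmd = m.groups()
            if "\\" not in cmd:
                findings[line].append("no path, resolved through the search path")
            if len(keys_by_name[name]) > 1:
                findings[line].append(f"value name used in {len(keys_by_name[name])} autostart keys")
        m = O23_RE.match(line)
        if m and m.group(3).endswith("(file missing)"):
            findings[line].append(f"service binary missing (owner: {m.group(2)})")
    return dict(findings)

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

A flagged line is a prompt to inspect the file and registry value, not proof of infection; legitimate entries can match and malicious ones with full paths will not.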