pomoc - trojan-spy.win32

[Petr Vystrčil]

trojan-spy.win32
oznamuje mi to neustále v počítače a stále to chce abych nainstaloval nejaky antivir (bestseller) ktery stejne nainstalovat nejde. Mam avast a ten nic nenasel. Prosim o radu. dekuji

tady je zprava z hijacku:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:37, on 28.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Petr - Vystrčil\Plocha\Nová složka\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pabwgqdr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [6ed5b402] rundll32.exe "C:\WINDOWS\system32\ospevbrv.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WiFiSiStr] C:\Program Files\DNsoft.be\DNsoft.be WiFi SiStr\WiFi SiStr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF652257-AA25-440D-9197-EB10080C15FF}: NameServer = 213.192.21.70,62.240.161.226
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7093 bytes

[Reklama]

[fredik]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Petr Vystrčil]

zasílám Vám odpověď z ComboFixu.......Děkuji Petr

C:\Autorun.inf
C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Petr - Vystrčil\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Petr - Vystrčil\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Petr - Vystrčil\Plocha\Online Security Guide.lnk
C:\Program Files\mcroso~1
C:\Program Files\mcroso~1\M?crosoft\
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\byvuu.dll
C:\WINDOWS\system32\calqicgy.dll
C:\WINDOWS\system32\dtrnwvsf.ini
C:\WINDOWS\system32\fsvwnrtd.dll
C:\WINDOWS\system32\fyxadmxj.ini
C:\WINDOWS\system32\jxmdaxyf.dll
C:\WINDOWS\system32\oojbciyb.dll
C:\WINDOWS\system32\ospevbrv.dll
C:\WINDOWS\system32\pabwgqdr.dllbox
C:\WINDOWS\system32\uuvyb.bak1
C:\WINDOWS\system32\uuvyb.bak2
C:\WINDOWS\system32\uuvyb.ini
C:\WINDOWS\system32\vrbvepso.ini
C:\WINDOWS\system32\ygciqlac.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
.

2007-10-29 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 23:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-19 19:49 340,032 --a------ C:\WINDOWS\system32\pabwgqdr.dll
2007-10-19 19:48 340,032 --a------ C:\WINDOWS\system32\dxfhvhgh.dll
2007-10-16 17:15 35,328 --a------ C:\WINDOWS\system32\cbxwvwt.dll
2007-10-16 17:13 35,328 --a------ C:\WINDOWS\system32\cbxwxvw.dll
2007-10-12 10:44 <DIR> d-------- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\AdobeUM
2007-10-10 16:51 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 15:32 <DIR> dr-h----- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\SecuROM
2007-10-05 13:53 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-05 13:15 <DIR> d-------- C:\WINDOWS\vbSkinner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 15:41 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\Skype
2007-10-27 21:34 --------- d-----w C:\Program Files\Mystical Mahjong
2007-10-21 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 17:46 --------- d-----w C:\Program Files\BitComet
2007-10-15 18:16 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\ICQ
2007-10-10 14:31 --------- d-----w C:\Program Files\EA SPORTS
2007-10-09 14:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-07 08:37 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-07 08:37 359,808 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-05 12:47 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\uTorrent
2007-10-05 10:59 --------- d-----w C:\Program Files\Disney Mahjong
2007-09-22 10:51 --------- d-----w C:\Program Files\Verdict Free
2007-09-22 10:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-21 16:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\JollyBear
2007-09-17 18:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-15 10:45 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-15 09:49 --------- d-----w C:\Program Files\Mahjong Escape Ancient Japan
2007-09-15 09:49 --------- d-----w C:\Program Files\Mahjong Escape Ancient China
2007-09-14 16:58 --------- d-----w C:\Program Files\ICQ6
2007-09-14 16:30 --------- d-----w C:\Program Files\uTorrent
2007-09-07 12:45 --------- d-----w C:\Program Files\Mahjongg Artifacts
2007-09-07 12:45 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\Gaijin Ent
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-01 10:01 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\Pucker Up Games
2007-09-01 09:58 --------- d-----w C:\Program Files\Oberon Media
2007-09-01 08:54 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-09-01 08:32 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\iWin
2007-08-22 12:58 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:58 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:58 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:58 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:58 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:58 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:58 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:58 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:58 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:58 3,085,824 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:58 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:58 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:58 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:58 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:58 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:58 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:58 1,055,232 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:58 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:02 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:02 6,058,496 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:02 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:02 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:02 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:02 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-17 10:19 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-12-22 10:40 30,601 ----a-w C:\Documents and Settings\Petr - Vystrčil\x.exe
2006-12-22 10:40 30,601 ----a-w C:\Documents and Settings\Petr - Vystrčil\x.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-19 19:49 340032 --a------ C:\WINDOWS\system32\pabwgqdr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pabwgqdr.dll [2007-10-19 19:49 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 09:46]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 09:33]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-25 01:04]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 14:18]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 13:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 17:11]
"WiFiSiStr"="C:\Program Files\DNsoft.be\DNsoft.be WiFi SiStr\WiFi SiStr.exe" []
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 09:00]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 16:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwxvw]
cbxwxvw.dll 2007-10-16 17:13 35328 C:\WINDOWS\system32\cbxwxvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pabwgqdr]
pabwgqdr.dll 2007-10-19 19:49 340032 C:\WINDOWS\system32\pabwgqdr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byvuu.dll

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys
S3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys
S3 SPAInfoDrv;SPAInfoDrv;\??\C:\PROGRA~1\MOBILE~1\bin\SPAInfoDrv.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02fa2530-456e-11db-b556-e602179ad02b}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73c5e579-c28a-11db-b618-00c09f74adec}]
AutoRun\command - G:\.\Recycled\Driveinfo.exe
Open\Command - G:\.\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebbf5f70-8504-11db-b5bf-fcd530d57429}]
AutoRun\command - .\Recycled\Driveinfo.exe
Open\Command - .\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc4959c0-fff6-11db-b626-00c09f74adec}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 17:02:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\pabwgqdr.dllbox 96 bytes
**************************************************************************
.
Completion time: 2007-10-29 17:06:29 - machine was rebooted
.
--- E O F ---

[fredik]

Bude toho krapet víc, tak sem když tak dávej postupně výsledky:

1)
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\pabwgqdr.dll
C:\WINDOWS\system32\dxfhvhgh.dll
C:\WINDOWS\system32\cbxwvwt.dll
C:\WINDOWS\system32\cbxwxvw.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwxvw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pabwgqdr]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02fa2530-456e-11db-b556-e602179ad02b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73c5e579-c28a-11db-b618-00c09f74adec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebbf5f70-8504-11db-b5bf-fcd530d57429}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc4959c0-fff6-11db-b626-00c09f74adec}]

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

2)
Stáhni tento program: Flash Disinfector (by sUBs)
Připoj k PC flešku a spusť ho.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

3)
Vytvoř si tento skriptik, ulož si ho na disk a postupně si ho zkopíruj na všechny disky co máš doma a spusť ho vždycky na jednom disku a vlož sem log, který se ti zobrazí. Takže začneš na disku C, pak na D ... atd. včetně flešky:

Spusť Poznámkový blok (Notepad): Start -> Spustit.. otevře se ti okno a do něj napiš notepad a dej Ok.
Otevře se ti poznámkový blok a do něj zkopíruj tento tučně označený text:

If Exist ctflog.txt del /q ctflog.txt
Dir /S/A-D "%drive%\ctfmon.exe" >>ctflog.txt
Notepad ctflog.txt
Del /q ctflog.txt

Zvol v menu záložku Soubor -> Uložit jako... a natav/vyplň tyto údaje
Název souboru: ctffind.bat
Uložit jako typ: Všechny soubory
Ulož soubor na disk + flešku a spusť ho. Po chvíli hledání se zobrazí nové okno s výsledky, zkopíruj sem prosím celý jeho obsah .

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

4)
Otestuj tento soubor buď zde nebo zde a vlož sem výsledek:
C:\Documents and Settings\Petr - Vystrčil\x.exe


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

5)
V následujícím příspěvku sem vlož tyto logy:
- nový log z Combofix, který se ti zobrazí po použití
- logy z jednotlivých disků ze skriptu z bodu 3
- nový log z HJT

[Petr Vystrčil]

Odesílám soubory, které jsi chtěl. Děkuji.....S pozdravem Petr


ComboFix 07-10-29.1 - Petr - Vystrčil 2007-10-30 18:35:28.2 - NTFSx86
Running from: C:\Documents and Settings\Petr - Vystrčil\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Petr - Vystrčil\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\cbxwvwt.dll
C:\WINDOWS\system32\cbxwxvw.dll
C:\WINDOWS\system32\dxfhvhgh.dll
C:\WINDOWS\system32\pabwgqdr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Petr - Vystrčil\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Petr - Vystrčil\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Petr - Vystrčil\Plocha\Online Security Guide.lnk
C:\WINDOWS\system32\cbxwvwt.dll
C:\WINDOWS\system32\cbxwxvw.dll
C:\WINDOWS\system32\dxfhvhgh.dll
C:\WINDOWS\system32\pabwgqdr.dll
C:\WINDOWS\system32\pabwgqdr.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-29 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 23:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-12 10:44 <DIR> d-------- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\AdobeUM
2007-10-10 16:51 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 15:32 <DIR> dr-h----- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\SecuROM
2007-10-05 13:53 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-05 13:15 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-09-22 11:51 <DIR> d-------- C:\Program Files\Verdict Free
2007-09-22 11:19 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-22 11:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-22 11:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-20 16:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-19 17:52 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-09-15 10:49 <DIR> d-------- C:\Program Files\Mahjong Escape Ancient Japan
2007-09-15 10:49 <DIR> d-------- C:\Program Files\Mahjong Escape Ancient China
2007-09-15 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\JollyBear
2007-09-14 17:30 <DIR> d-------- C:\Program Files\uTorrent
2007-09-14 17:30 <DIR> d-------- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\uTorrent
2007-09-07 13:45 <DIR> d-------- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\Gaijin Ent
2007-09-07 13:44 <DIR> d-------- C:\Program Files\Mahjongg Artifacts
2007-09-01 11:01 <DIR> d-------- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\Pucker Up Games
2007-09-01 11:00 <DIR> d-------- C:\Program Files\Mystical Mahjong
2007-09-01 10:59 <DIR> d-------- C:\Program Files\Disney Mahjong
2007-09-01 09:32 <DIR> d-------- C:\Documents and Settings\Petr - Vystrčil\Data aplikací\iWin
2007-09-01 09:31 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 17:40 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\Skype
2007-10-21 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 17:46 --------- d-----w C:\Program Files\BitComet
2007-10-15 18:16 --------- d-----w C:\Documents and Settings\Petr - Vystrčil\Data aplikací\ICQ
2007-10-10 14:31 --------- d-----w C:\Program Files\EA SPORTS
2007-10-09 14:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-07 08:37 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-07 08:37 359,808 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-09-17 18:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-15 10:45 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-14 16:58 --------- d-----w C:\Program Files\ICQ6
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-01 09:58 --------- d-----w C:\Program Files\Oberon Media
2007-08-22 12:58 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:58 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:58 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:58 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:58 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:58 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:58 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:58 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:58 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:58 3,085,824 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:58 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:58 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:58 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:58 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:58 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:58 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:58 1,055,232 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:58 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:02 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:02 6,058,496 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:02 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:02 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:02 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:02 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-17 10:19 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2006-12-22 10:40 30,601 ----a-w C:\Documents and Settings\Petr - Vystrčil\x.exe
2006-12-22 10:40 30,601 ----a-w C:\Documents and Settings\Petr - Vystrčil\x.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-29_17.03.35.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 17:41:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 09:46]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 09:33]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-25 01:04]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 14:18]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 13:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 17:11]
"WiFiSiStr"="C:\Program Files\DNsoft.be\DNsoft.be WiFi SiStr\WiFi SiStr.exe" []
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 09:00]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 16:03]

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys
S3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys
S3 SPAInfoDrv;SPAInfoDrv;\??\C:\PROGRA~1\MOBILE~1\bin\SPAInfoDrv.sys

.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 18:41:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 18:45:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-29 17:06
.
--- E O F ---




Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 6ED5-B4AD.

Výpis adresáře C:\WINDOWS\system32

18.08.2004 09:00 15 360 ctfmon.exe
1 souborů, 15 360 bajtů

Počet souborů v seznamu:
1 souborů, 15 360 bajtů
Adresářů: 0, Volných bajtů: 13 494 611 968




Svazek v jednotce G nemá žádnou jmenovku.
Sériové číslo svazku je 2887-F48D.



Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.10.31.0 2007.10.30 -
AntiVir 7.6.0.30 2007.10.30 -
Authentium 4.93.8 2007.10.30 -
Avast 4.7.1074.0 2007.10.30 -
AVG 7.5.0.503 2007.10.30 -
BitDefender 7.2 2007.10.30 -
CAT-QuickHeal 9.00 2007.10.29 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5253 2007.10.30 -
Ewido 4.0 2007.10.30 -
FileAdvisor 1 2007.10.30 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.30 -
F-Secure 6.70.13030.0 2007.10.30 -
Ikarus T3.1.1.12 2007.10.30 -
Kaspersky 7.0.0.125 2007.10.30 -
McAfee 5151 2007.10.29 -
Microsoft 1.2908 2007.10.30 -
NOD32v2 2627 2007.10.30 -
Norman 5.80.02 2007.10.30 -
Panda 9.0.0.4 2007.10.30 -
Prevx1 V2 2007.10.30 -
Rising 19.47.12.00 2007.10.30 -
Sophos 4.23.0 2007.10.30 -
Sunbelt 2.2.907.0 2007.10.29 -
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.30 -
Webwasher-Gateway 6.0.1 2007.10.30 -
Rozšiřující informace
File size: 30601 bytes
MD5: b4fca8a5b1b357bf9e2b7a279827b8b4
SHA1: 5482c0e3680d3294e8c419d7578b295e0e1fee61

[fredik]

Vlož sem nový log z HJT.

[Petr Vystrčil]

jestli jsi myslel nový log z hijacku tak tady je. Dekuji....Petr

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:26, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Documents and Settings\Petr - Vystrčil\Plocha\Nová složka\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WiFiSiStr] C:\Program Files\DNsoft.be\DNsoft.be WiFi SiStr\WiFi SiStr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF652257-AA25-440D-9197-EB10080C15FF}: NameServer = 213.192.21.70,62.240.161.226
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6784 bytes

[fredik]

Přesně to

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
po zaškrtnutí klikni na tlačítko Fix Checked

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině, čeština by měla být asi až od verze 3 která by se měl objevit v brzké době
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině

Logy jinak vypadají dobře, máš ještě nějaké problémy?

Pokud nemáš už žádné problémy tak si stáhni a spusť T-cleaner, odstraní zálohy a pozůstatky použitých programů.

[Petr Vystrčil]

Děkuji moc za pomoc......jsi frajer.........S pozdravem Petr