HELP, Windows Security Alert


Wonder
newcomer
Posts: 4
Registered: November 07
Gender: Not specified
Status: Offline


Post by Wonder » 11 Nov 2007 09:30

A window with the message Windows Security Alert keeps popping up on me. Please, I need advice or I'll go crazy from it... Thanks a lot in advance

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:59, on 11.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Eset\nod32kui.exe
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\autorun.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Wonder\Plocha\QIP\infium.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Wonder\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4730 bytes
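
A first pass over the log above, added here as an example that is not part of the original thread and not a HijackThis feature. The lines that matter are easy to miss among the legitimate ones: two executables autostart from the Startup folder (O4 - Startup: system.exe, O4 - Global Startup: autorun.exe), a folder any local account can write to, and further down the thread SUPERAntiSpyware reports an svchost.exe under C:\Program Files\Common Files\System, which is not where the Windows copy of that binary lives. The script below encodes exactly those checks. Its SAMPLE_LOG is constructed from lines of the log above plus that svchost path, so the masquerade rule has something to catch.

```python
"""Triage helper for HijackThis logs.

Added example, not part of the original thread and not a HijackThis feature.
It parses the 'Running processes' section and the O4/O23 lines of a log and
flags what a malware-removal helper looks at first:
  * anything that autostarts from a user-writable Startup folder,
  * core system binary names (svchost.exe, lsass.exe, ...) running from a
    directory other than C:\\WINDOWS or C:\\WINDOWS\\System32,
  * O4/O23 autostart binaries that live outside Program Files / Windows.
SAMPLE_LOG is constructed: lines from the log above plus the
'Common Files\\System\\svchost.exe' path reported later in the thread.
"""
import re

SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")
STARTUP_MARKERS = ("\\po spuštění\\", "\\startup\\")   # Czech and English Startup folder names

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\autorun.exe
C:\Program Files\Common Files\System\svchost.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_hjt(text):
    """Return (running_process_paths, O-lines) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif re.match(r"^O\d+ - ", line):
            entries.append(line)
    return processes, entries


def flag_process(path):
    """Reason a running-process path looks suspicious, or None."""
    low = path.lower()
    folder, _, name = low.rpartition("\\")
    if any(marker in low for marker in STARTUP_MARKERS):
        return "runs from a Startup folder that any local user can write to"
    if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        return f"{name} is a system binary name but runs outside {SYSTEM_DIRS[0]}"
    return None


def _first_path(text):
    """First drive-letter path ending in .exe/.dll/.ocx inside an O-line."""
    m = re.search(r'([a-z]:\\[^"\[\]]+?\.(?:exe|dll|ocx))', text, re.I)
    return m.group(1) if m else None


def flag_entry(line):
    """Reason an O4/O23 line looks suspicious, or None."""
    m = re.match(r"^(O\d+) - ([^:]+): (.*)$", line)
    if not m:
        return None
    kind, where, rest = m.groups()
    if kind == "O4" and where.strip() in ("Startup", "Global Startup"):
        return "autostarts from the Startup folder (no registry entry needed, any user can drop a file there)"
    if kind in ("O4", "O23"):
        path = _first_path(rest)
        if path and not path.lower().startswith(TRUSTED_ROOTS):
            return f"autostart binary {path} lives outside Program Files / Windows"
    return None


def triage(text):
    """List of (log line, reason) pairs for everything worth a second look."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        reason = flag_process(proc)
        if reason:
            findings.append((proc, reason))
    for entry in entries:
        reason = flag_entry(entry)
        if reason:
            findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {line}")
```

The script is deliberately conservative: it does not try to judge every O4 entry, only the two patterns that are almost never legitimate on a home XP box (a bare executable in a Startup folder, and a system binary name outside System32). Everything else still needs the helper's eyes, which is what the rest of the thread is.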

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 11 Nov 2007 09:54

Welcome to the forum:

Download SmitFraudFix (by S!Ri)

Restart the PC into Safe Mode:
Run SmitFraudFix - the application's blue screen appears; press any key to get to the menu.
There choose option number 2
Let it scan the computer.
If you are asked whether to allow cleaning the registry (Do you want to clean the registry ?), press the Y key (watch out for Y and Z being swapped on the keyboard)
If you are asked about removing infected files from the computer (Replace infected file ?), press Y again.

Then restart the PC into normal mode, paste here the log you will find in the file C:\rapport.txt, and make a new HijackThis log and post it here too.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
After the update finishes click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button

The scan will run; when it finishes it lists everything it found.
Make sure all items are checked and then click the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date and click the button: View Log...
A window with the log opens; copy its contents here.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In your next post, paste these logs:
- the SmitFraudFix log
- the SUPERAntiSpyware log
- a new HijackThis log


Post by Wonder » 11 Nov 2007 10:30

The problem is that in SmitFraudFix it gives me the message: "Registry editing has been disabled by your administrator". But I am the administrator... And even normally, when I want to open Task Manager, it tells me: "Task Manager has been disabled by your administrator". I no longer know what to keep doing, it's really maddening... Please advise
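
The two messages in the post above come from the policy values DisableTaskMgr and DisableRegistryTools under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System (the HKLM branch can carry them too); rogue "security alert" programs set them so the user cannot kill them from Task Manager or undo their registry changes. Below, as an added example that is not from the thread, is a script that reads a regedit export of that key, reports which lockouts are set and writes a .reg file that deletes them. The export it parses is constructed for the example, not one taken from the poster's machine.

```python
"""Find and undo the 'disabled by your administrator' policy values.

Added example, not from the thread. The messages quoted above are produced by
the DisableTaskMgr and DisableRegistryTools values under ...\\Policies\\System.
This script reads a regedit export of that key (for example the file written by
'reg export HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System
policies.reg'; on XP that file is UTF-16 with a BOM, so open it with
encoding='utf-16'), reports the lockouts and builds a .reg file that deletes
them. SAMPLE_EXPORT is a constructed export, not one from the infected machine.
"""

LOCKOUT_VALUES = {
    "DisableTaskMgr": "Task Manager has been disabled by your administrator",
    "DisableRegistryTools": "Registry editing has been disabled by your administrator",
}
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System",
)

SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=dword:00000001
"""


def parse_reg_export(text):
    """Parse regedit export text into {key: {value_name: value}}; DWORDs become ints."""
    data, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            data.setdefault(key, {})
        elif key and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            name = name.strip('"')
            if value.startswith("dword:"):
                data[key][name] = int(value[len("dword:"):], 16)
            else:
                data[key][name] = value.strip('"')
    return data


def find_lockouts(data):
    """(key, value name, message the user sees) for every lockout value that is non-zero."""
    found = []
    for key in POLICY_KEYS:
        values = data.get(key, {})
        for name, message in LOCKOUT_VALUES.items():
            if values.get(name, 0) != 0:
                found.append((key, name, message))
    return found


def undo_reg(lockouts):
    """Build a .reg file whose '"Name"=-' lines delete the offending values."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in dict.fromkeys(k for k, _, _ in lockouts):   # keep order, no duplicate keys
        lines.append(f"[{key}]")
        lines += [f'"{name}"=-' for k, name, _ in lockouts if k == key]
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_lockouts(parse_reg_export(SAMPLE_EXPORT))
    for key, name, message in hits:
        print(f"{name} is set in {key}: '{message}'")
    print(undo_reg(hits))
```

Two caveats when applying the generated file. First, with DisableRegistryTools set to 1, regedit refuses to run at all, including the silent `regedit /s undo.reg` import, which matches the message the poster got; reg.exe does not honour that policy, so `reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /f` (and the same for DisableTaskMgr) still works. Second, a rogue that is still running re-applies these values within seconds, so kill it first or do it from Safe Mode, which is why fredik sends the poster there.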


Post by fredik » 11 Nov 2007 10:50

So run SUPERAntiSpyware over the PC

Download ComboFix (by sUBs) and save it to the desktop.
Close all active windows and run it.
- After it starts the terms of use are shown; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is working, do not click into the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Post by Wonder » 11 Nov 2007 12:20

SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/11/2007 at 12:09 PM

Application Version : 3.9.1008

Core Rules Database Version : 3342
Trace Rules Database Version: 1343

Scan type : Complete Scan
Total Scan Time : 01:12:00

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 5325
Registry threats detected : 0
File items scanned : 80278
File threats detected : 112

Adware.Tracking Cookie
C:\Documents and Settings\Wonder\Cookies\wonder@toplist[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@partners.webmasterplan[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@showit[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@adserver.filefront[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@counter.cnw[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@ads.adbrite[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@clickaider[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@m1.webstats.motigo[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@please[3].txt
C:\Documents and Settings\Wonder\Cookies\wonder@topsex[3].txt
C:\Documents and Settings\Wonder\Cookies\wonder@server.cpmstar[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@avsystemcare[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@www.sexdnes[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@mystat.synch[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@www.sexyfoto[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@tacoda[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@pornosex[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@please[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@ads.gamershell[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@tracker2.interclimax[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@adbrite[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@partypoker[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@cgi-bin[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@www.topsex[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@ad1.clickhype[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@789[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@ad.iqsys[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@gomyhit[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@www.pornosex[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@atdmt[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@paycounter[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@atwola[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@calc.avsystemcare[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@1067156533[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@overture[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@windowsmedia[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@please[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@clicktorrent[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@sexyskolacky.myxhost[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@eas.apm.emediate[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@bs.serving-sys[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@www.sexyreality[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@2o7[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@3.adbrite[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@tribalfusion[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@topsex[2].txt
C:\Documents and Settings\Wonder\Cookies\wonder@serving-sys[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@toplist[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@www.pcantiviruspro[1].txt
C:\Documents and Settings\George\Cookies\george@247realmedia[1].txt
C:\Documents and Settings\George\Cookies\george@ad.triplemind[1].txt
C:\Documents and Settings\George\Cookies\george@ad.wz[1].txt
C:\Documents and Settings\George\Cookies\george@adclickstats[1].txt
C:\Documents and Settings\George\Cookies\george@adrenalinesk[1].txt
C:\Documents and Settings\George\Cookies\george@ads.czc[1].txt
C:\Documents and Settings\George\Cookies\george@ads.czc[3].txt
C:\Documents and Settings\George\Cookies\george@advertising[2].txt
C:\Documents and Settings\George\Cookies\george@atwola[1].txt
C:\Documents and Settings\George\Cookies\george@bs.serving-sys[2].txt
C:\Documents and Settings\George\Cookies\george@bs.serving-sys[3].txt
C:\Documents and Settings\George\Cookies\george@clickaider[1].txt
C:\Documents and Settings\George\Cookies\george@clickaider[2].txt
C:\Documents and Settings\George\Cookies\george@counter.cnw[2].txt
C:\Documents and Settings\George\Cookies\george@doubleclick[1].txt
C:\Documents and Settings\George\Cookies\george@doubleclick[2].txt
C:\Documents and Settings\George\Cookies\george@doubleclick[3].txt
C:\Documents and Settings\George\Cookies\george@eas.apm.emediate[2].txt
C:\Documents and Settings\George\Cookies\george@fastclick[1].txt
C:\Documents and Settings\George\Cookies\george@haynet.adbureau[2].txt
C:\Documents and Settings\George\Cookies\george@hitbox[2].txt
C:\Documents and Settings\George\Cookies\george@image.masterstats[1].txt
C:\Documents and Settings\George\Cookies\george@image.masterstats[2].txt
C:\Documents and Settings\George\Cookies\george@indextools[1].txt
C:\Documents and Settings\George\Cookies\george@indextools[2].txt
C:\Documents and Settings\George\Cookies\george@mediaplex[1].txt
C:\Documents and Settings\George\Cookies\george@partner2profit[1].txt
C:\Documents and Settings\George\Cookies\george@perf.overture[1].txt
C:\Documents and Settings\George\Cookies\george@revsci[2].txt
C:\Documents and Settings\George\Cookies\george@sex-doma[1].txt
C:\Documents and Settings\George\Cookies\george@spylog[1].txt
C:\Documents and Settings\George\Cookies\george@stat.novasol[1].txt
C:\Documents and Settings\George\Cookies\george@stat.novasol[2].txt
C:\Documents and Settings\George\Cookies\george@statsweb.bnpparibas[1].txt
C:\Documents and Settings\George\Cookies\george@stats[1].txt
C:\Documents and Settings\George\Cookies\george@toplist[1].txt
C:\Documents and Settings\George\Cookies\george@toplist[2].txt
C:\Documents and Settings\George\Cookies\george@track.adform[2].txt
C:\Documents and Settings\George\Cookies\george@windowsmedia[1].txt
C:\Documents and Settings\George\Cookies\george@xxxcounter[1].txt
C:\Documents and Settings\George\Cookies\george@yadro[2].txt
C:\Documents and Settings\Máti\Cookies\máti@counter.cnw[2].txt
C:\Documents and Settings\Máti\Cookies\máti@indextools[2].txt
C:\Documents and Settings\Máti\Cookies\máti@toplist[1].txt
C:\Documents and Settings\Wonder\Cookies\wonder@blogstats[1].txt

Trojan.Net-AVP/AVT
C:\DOCUMENTS AND SETTINGS\GEORGE\NABíDKA START\PROGRAMY\PO SPUšTěNí\SYSTEM.EXE
C:\DOCUMENTS AND SETTINGS\MáTI\NABíDKA START\PROGRAMY\PO SPUšTěNí\SYSTEM.EXE
C:\WINDOWS\Prefetch\SYSTEM.EXE-083774A3.pf

Trojan.Downloader-Gen/BossDoggy
C:\DOCUMENTS AND SETTINGS\WONDER\LOCAL SETTINGS\TEMPMBROIT.EXE

Trojan.WindowsUpdate
C:\PROGRAM FILES\COMMON FILES\SYSTEM\SVCHOST.EXE

Trojan.Downloader-Gen/NoMultiTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E78BA8E7-D4EB-4AF9-AEC7-1B68EAD31F10}\RP37\A0005839.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E78BA8E7-D4EB-4AF9-AEC7-1B68EAD31F10}\RP37\A0005864.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E78BA8E7-D4EB-4AF9-AEC7-1B68EAD31F10}\RP39\A0006012.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E78BA8E7-D4EB-4AF9-AEC7-1B68EAD31F10}\RP41\A0006658.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E78BA8E7-D4EB-4AF9-AEC7-1B68EAD31F10}\RP60\A0012833.DLL

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\FRMWRK.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\89UNODI3\errorhandler[1].htm
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\89UNODI3\index[1].htm
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\4X67WP2N\crypt[1].htm
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\8TI7S9YZ\ajax[1].htm
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\4T27GH2V\data[1]
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\8TI7S9YZ\managers[1].htm
C:\Documents and Settings\Máti\Local Settings\Temporary Internet Files\Content.IE5\4T27GH2V\stats[1].jpg

************************************************************************************

ComboFix log:

I can already get into Task Manager etc., but I don't know yet whether the Windows Security Alert has gone..


Post by Wonder » 11 Nov 2007 12:22

Oh no, I mixed up the ComboFix log....Here it is:
ComboFix 07-11-08.3 - Wonder 2007-11-11 12:14:19.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.635 [GMT 1:00]
Running from: C:\Documents and Settings\Wonder\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\George\ResErrors.log
C:\Documents and Settings\Wonder\Data aplikací\inst.exe
C:\Documents and Settings\Wonder\ResErrors.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\Driver


((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-11 12:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 10:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-11 10:24 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 10:24 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 10:24 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 10:24 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 09:39 21,312 --a------ C:\WINDOWS\choice.exe
2007-11-11 09:36 1,822 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 09:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 09:35 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 09:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 09:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 09:35 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 09:35 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 09:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 09:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 09:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 08:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-11 08:53 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2007-11-11 00:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-10 12:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-10 12:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-10 11:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-10 11:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-10 10:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-10 10:12 <DIR> d-------- C:\Program Files\EA Sports
2007-11-03 22:16 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2007-11-03 22:16 41 ---h----- C:\WINDOWS\dsez2140.dat
2007-11-03 08:56 17,408 --a------ C:\WINDOWS\system32\AAP.DLL
2007-11-03 08:54 928,768 --a------ C:\WINDOWS\system32\AAK.dll
2007-11-03 08:54 624,640 --a------ C:\WINDOWS\system32\AAD.DLL
2007-11-02 17:32 <DIR> d-------- C:\Program Files\MOBILedit!
2007-11-02 17:26 15,360 --a------ C:\WINDOWS\system32\windblt.dll
2007-11-02 17:24 <DIR> d-------- C:\Program Files\SiMoCo
2007-11-02 17:24 <DIR> d-------- C:\Documents and Settings\Wonder\WINDOWS
2007-11-02 17:23 <DIR> d-------- C:\Program Files\Mp3 File Editor
2007-11-02 17:23 286,720 --a------ C:\WINDOWS\iun506.exe
2007-10-28 19:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-28 19:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 10:36 <DIR> d-------- C:\Program Files\Electronic Arts
2007-10-26 21:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-26 18:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-26 18:11 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-23 18:42 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 18:39 <DIR> d-------- C:\Program Files\Activision
2007-10-21 16:04 <DIR> d-------- C:\Program Files\Skype
2007-10-21 16:04 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-20 11:56 <DIR> d-------- C:\Program Files\SMS Zdarma
2007-10-20 11:49 <DIR> d-------- C:\Program Files\Trillian
2007-10-17 18:06 <DIR> d-------- C:\Program Files\Astonsoft
2007-10-17 18:02 <DIR> d-------- C:\Program Files\Nero
2007-10-17 18:02 <DIR> d-------- C:\Program Files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 10:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 15:02 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-30 11:13 --------- d-----w C:\Program Files\Java
2007-09-29 11:46 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-29 11:46 --------- d-----w C:\Program Files\VSO
2007-09-29 07:28 --------- d-----w C:\Program Files\uTorrent
2007-09-27 13:11 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-09-27 13:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-09-27 13:11 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-26 19:31 --------- d-----w C:\Program Files\Petit
2007-09-26 19:30 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-09-26 19:13 --------- d-----w C:\Program Files\Sensory Software
2007-09-26 19:07 --------- d-----w C:\Program Files\Usnadnení
2007-09-26 19:06 --------- d-----w C:\Program Files\SAAK
2007-09-26 16:15 --------- d-----w C:\Program Files\LimeWire
2007-09-26 16:10 --------- d-----w C:\Program Files\Common Files\Java
2007-09-25 19:34 --------- d-----w C:\Program Files\Foxit Software
2007-09-25 19:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-09-25 18:52 --------- d-----w C:\Program Files\Avant Browser
2007-09-25 18:49 --------- d-----w C:\Program Files\Analog Devices
2007-09-25 18:48 --------- d-----w C:\Program Files\Realtek
2007-09-25 18:44 --------- d-----w C:\Program Files\Webteh
2007-09-25 18:37 --------- d-----w C:\Program Files\Canon
2007-09-25 18:30 --------- d-----w C:\Program Files\ASUSTeK
2007-09-25 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-25 18:19 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-24 07:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 07:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 07:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 07:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 07:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-27 14:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-14 07:51]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 12:17:54
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 12:18:33 - machine was rebooted
.
--- E O F ---


Post by fredik » 11 Nov 2007 21:28

Test these files on VirusTotal and post the results here
C:\WINDOWS\system32\AAP.DLL
C:\WINDOWS\system32\AAK.dll
C:\WINDOWS\system32\AAD.DLL
C:\WINDOWS\system32\windblt.dll

Then post a new HJT log here too.
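
Before uploading anything, hash the four files and query VirusTotal by hash. This is an added example, not part of the thread and not what fredik asked the poster to do by hand. It assumes VirusTotal's v3 REST API (GET https://www.virustotal.com/api/v3/files/<sha256> with the key in an x-apikey header, 404 meaning the hash has never been seen) and an API key in the VT_API_KEY environment variable; the sample report it summarises is constructed, with invented engine names and a placeholder detection name, not real results for AAP.DLL and the others.

```python
"""Hash the suspect files locally and ask VirusTotal about the hashes.

Added example, not from the thread. Looking a file up by SHA-256 first means
nothing leaves the machine unless the hash is unknown; only then is an upload
worth considering (a DLL from a user's system32 can embed local paths or data).
Assumed API: VirusTotal v3, GET /api/v3/files/<sha256> with an 'x-apikey'
header, 404 = never seen. SAMPLE_REPORT is a constructed response in that
layout; its engine names and detection name are made up for the example.
"""
import hashlib
import json
import os
from urllib.error import HTTPError
from urllib.request import Request, urlopen

SUSPECT_FILES = [r"C:\WINDOWS\system32\AAP.DLL", r"C:\WINDOWS\system32\AAK.dll",
                 r"C:\WINDOWS\system32\AAD.DLL", r"C:\WINDOWS\system32\windblt.dll"]

SAMPLE_REPORT = {   # constructed; hypothetical engines and verdicts
    "data": {"type": "file", "id": "0" * 64, "attributes": {
        "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 30, "harmless": 0},
        "last_analysis_results": {
            "EngineA": {"category": "malicious", "result": "Trojan.Downloader.Generic"},
            "EngineB": {"category": "malicious", "result": "Trojan.Downloader.Generic"},
            "EngineC": {"category": "undetected", "result": None},
        },
    }},
}


def sha256_bytes(data):
    """SHA-256 hex digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream the file so a large binary does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def summarize(report):
    """Reduce a v3 file report to verdict counts plus the distinct detection names."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    names = sorted({r["result"] for r in attrs.get("last_analysis_results", {}).values()
                    if r.get("result")})
    return {"malicious": stats.get("malicious", 0),
            "suspicious": stats.get("suspicious", 0),
            "undetected": stats.get("undetected", 0),
            "names": names}


def lookup(sha256, api_key):
    """Return the parsed report, or None if VirusTotal has never seen this hash."""
    req = Request(f"https://www.virustotal.com/api/v3/files/{sha256}",
                  headers={"x-apikey": api_key})
    try:
        with urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except HTTPError as err:
        if err.code == 404:
            return None
        raise


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    for path in SUSPECT_FILES:
        if not os.path.exists(path):
            print(f"{path}: not present on this machine")
            continue
        digest = sha256_file(path)
        if not key:
            print(f"{digest}  {path}  (set VT_API_KEY to query)")
            continue
        report = lookup(digest, key)
        print(path, "unknown to VirusTotal, consider uploading" if report is None
              else summarize(report))
```

A hash hit gives the verdicts without the files leaving the machine; a 404 means the sample is new to VirusTotal, and only then is an upload (through the web form or POST /api/v3/files) worth the exposure. Post the summary, not the raw JSON, in the thread.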

