prosím o kontrolu a o radu Hijack this

pomtom · Příspěvekod **pomtom** » 18 lis 2007 20:15

Prosím o radu s tímto, nestále naskakuje security alert, malware alert, atd..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:44, on 18.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\kodak\Kodak EasyShare software\bin\EasyShare.exe
d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\POM\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.novinky.cz/koktejl/houpacka- ... 4c36e.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lodwwekk.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [00a005d9] rundll32.exe "C:\WINDOWS\system32\qktbbqia.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = D:\kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe

--
End of file - 6461 bytes

Reklama

Příspěvekod **fredik** » 18 lis 2007 21:52

Vítej na fóru

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

pomtom · Příspěvekod **pomtom** » 19 lis 2007 09:02

ComboFix 07-11-08.3 - POM 2007-11-19 8:34:56.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.581 [GMT 1:00]
Running from: C:\Documents and Settings\POM\Plocha\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Mates\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Mates\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Mates\Plocha\Online Security Guide.lnk
C:\Documents and Settings\POM\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\POM\Plocha\Live Safety Center.lnk
C:\Documents and Settings\POM\Plocha\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\lodwwekk.dllbox
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\ssttq.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.

2007-11-19 08:58 36,864 --a------ C:\svchost.exe
2007-11-19 07:13 0 --a------ C:\x.dat
2007-11-19 07:12 36,352 --a------ C:\WINDOWS\system32\tuvwvts.dll
2007-11-18 20:34 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-18 20:32 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-18 19:59 0 --a------ C:\z.dat
2007-11-18 19:58 36,352 --a------ C:\WINDOWS\system32\gebaywx.dll
2007-11-18 16:33 36,352 --a------ C:\WINDOWS\system32\urqnmlk.dll
2007-11-18 16:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 15:52 70 --ah----- C:\aaw7boot.cmd
2007-11-18 14:49 0 --a------ C:\Documents and Settings\POM\x.dat
2007-11-18 14:48 36,352 --a------ C:\WINDOWS\system32\ljjigef.dll
2007-11-18 14:48 258 --a------ C:\Documents and Settings\POM\z.dat
2007-11-18 10:44 36,352 --a------ C:\WINDOWS\system32\vturrpo.dll
2007-11-18 10:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-17 20:12 85,056 --a------ C:\WINDOWS\system32\qktbbqia.dll
2007-11-17 20:09 82,496 --a------ C:\WINDOWS\system32\nkgejrgv.dll
2007-11-17 20:07 145,984 --a------ C:\WINDOWS\system32\bxugciaw.dll
2007-11-17 20:07 71,232 --a------ C:\WINDOWS\system32\yduireda.exe
2007-11-17 16:39 36,352 --a------ C:\WINDOWS\system32\wvusrqq.dll
2007-11-17 16:39 36,352 --a------ C:\WINDOWS\system32\hggfgef.dll
2007-11-17 16:39 258 --a------ C:\Documents and Settings\Mates\z.dat
2007-11-17 16:39 0 --a------ C:\Documents and Settings\Mates\x.dat
2007-11-17 15:50 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-17 15:50 <DIR> d-------- C:\extensions
2007-11-17 15:40 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-17 15:37 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-11-17 15:37 36,352 --a------ C:\WINDOWS\system32\ljjhefc.dll
2007-11-17 15:37 120 --a------ C:\n.bat
2007-11-17 15:36 36,352 --a------ C:\WINDOWS\system32\mljhiii.dll
2007-11-17 13:11 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-17 12:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-17 12:00 <DIR> d-------- C:\Program Files\Kodak
2007-11-17 12:00 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-11-17 12:00 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-17 12:00 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-17 12:00 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-17 12:00 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-17 10:31 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-12 09:16 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-09 21:17 <DIR> d-------- C:\Program Files\Cyberlink
2007-11-08 17:54 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-11-08 17:54 78,776 --a------ C:\WINDOWS\War3Unin.dat
2007-11-08 17:54 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-05 09:24 <DIR> d-------- C:\Documents and Settings\POM\Shared
2007-11-05 09:24 <DIR> d-------- C:\Documents and Settings\POM\Incomplete
2007-11-01 11:45 <DIR> d-------- C:\direct X
2007-11-01 11:40 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-11-01 11:09 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2007-10-31 20:20 34,308 --a------ C:\BASSMOD.DLL
2007-10-31 18:51 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-31 17:08 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-10-31 16:58 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-10-31 16:58 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-10-31 16:54 <DIR> d--h----- C:\Documents and Settings\Mates\ćablony
2007-10-31 16:54 <DIR> d-------- C:\Documents and Settings\Mates\Plocha
2007-10-31 16:54 <DIR> d--h----- C:\Documents and Settings\Mates\Okolnˇ tisk rny
2007-10-31 16:54 <DIR> d--h----- C:\Documents and Settings\Mates\Okolnˇ sˇś
2007-10-31 16:54 <DIR> dr------- C:\Documents and Settings\Mates\Oblˇben‚ polo§ky
2007-10-31 16:54 <DIR> dr------- C:\Documents and Settings\Mates\Nabˇdka Start
2007-10-31 16:54 <DIR> dr------- C:\Documents and Settings\Mates\Dokumenty
2007-10-31 16:54 <DIR> dr-h----- C:\Documents and Settings\Mates\Data aplikacˇ
2007-10-31 16:51 <DIR> d--h----- C:\Documents and Settings\Martin.PLAYBOY-COMP\ćablony
2007-10-31 16:51 <DIR> d-------- C:\Documents and Settings\Martin.PLAYBOY-COMP\Plocha
2007-10-31 16:51 <DIR> d--h----- C:\Documents and Settings\Martin.PLAYBOY-COMP\Okolnˇ tisk rny
2007-10-31 16:51 <DIR> d--h----- C:\Documents and Settings\Martin.PLAYBOY-COMP\Okolnˇ sˇś
2007-10-31 16:51 <DIR> d-------- C:\Documents and Settings\Martin.PLAYBOY-COMP\Oblˇben‚ polo§ky
2007-10-31 16:51 <DIR> dr------- C:\Documents and Settings\Martin.PLAYBOY-COMP\Nabˇdka Start
2007-10-31 16:51 <DIR> d-------- C:\Documents and Settings\Martin.PLAYBOY-COMP\Dokumenty
2007-10-31 16:51 <DIR> dr-h----- C:\Documents and Settings\Martin.PLAYBOY-COMP\Data aplikacˇ
2007-10-31 16:48 <DIR> d--h----- C:\Documents and Settings\Martin\ćablony
2007-10-31 16:48 <DIR> d-------- C:\Documents and Settings\Martin\Plocha
2007-10-31 16:48 <DIR> d--h----- C:\Documents and Settings\Martin\Okolnˇ tisk rny
2007-10-31 16:48 <DIR> d--h----- C:\Documents and Settings\Martin\Okolnˇ sˇś
2007-10-31 16:48 <DIR> d-------- C:\Documents and Settings\Martin\Oblˇben‚ polo§ky
2007-10-31 16:48 <DIR> dr------- C:\Documents and Settings\Martin\Nabˇdka Start
2007-10-31 16:48 <DIR> d-------- C:\Documents and Settings\Martin\Dokumenty
2007-10-31 16:48 <DIR> dr-h----- C:\Documents and Settings\Martin\Data aplikacˇ
2007-10-31 16:39 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll
2007-10-31 16:37 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-31 16:35 <DIR> d-------- C:\Program Files\HP
2007-10-31 16:35 79,216 --a------ C:\WINDOWS\hpfins05.dat
2007-10-31 16:35 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-31 16:35 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-31 16:35 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2007-10-31 16:34 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll
2007-10-31 16:34 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2007-10-31 15:44 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-31 15:43 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-31 15:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-31 15:41 <DIR> dr-h----- C:\MSOCache
2007-10-31 15:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 15:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-31 15:21 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-31 15:08 <DIR> d-------- C:\Program Files\Winamp
2007-10-31 15:05 <DIR> d-------- C:\Program Files\Java
2007-10-31 15:04 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-31 15:03 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-31 15:03 737,280 --a------ C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 10:40 --------- d-----w C:\Program Files\Creative
2007-10-31 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-31 13:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 13:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-31 13:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 13:16 --------- d-----w C:\Program Files\ATI Technologies
2007-10-31 12:53 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-01 11:15 839,702 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,701 --sh--w C:\WINDOWS\Fonts\svchost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-17 15:36 36352 --a------ C:\WINDOWS\system32\mljhiii.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7bf5173-9ba0-44a1-bfa9-8ca566af72a4}]
2007-11-17 20:09 82496 --a------ C:\WINDOWS\system32\nkgejrgv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 21:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-30 00:36]
"CTHelper"="CTHELPER.EXE" [2003-08-28 09:45 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"avast!"="d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"RemoteControl"="d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="d:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"QuickTime Task"="D:\quicktime\QTTask.exe" [2007-10-19 20:16]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"00a005d9"="C:\WINDOWS\system32\qktbbqia.dll" [2007-11-17 20:12]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-18 20:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\mljhiii.dll [2007-11-17 15:36 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lodwwekk]
lodwwekk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiii]
mljhiii.dll 2007-11-17 15:36 36352 C:\WINDOWS\system32\mljhiii.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttq.dll

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 09:31:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 08:58:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\awtsrpp.dll 36352 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-19 9:02:08 - machine was rebooted
.
--- E O F ---

Příspěvekod **fredik** » 19 lis 2007 21:21

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File:: 
C:\svchost.exe
C:\x.dat
C:\WINDOWS\system32\tuvwvts.dll
C:\z.dat
C:\WINDOWS\system32\gebaywx.dll
C:\WINDOWS\system32\urqnmlk.dll
C:\Documents and Settings\POM\x.dat
C:\WINDOWS\system32\ljjigef.dll
C:\WINDOWS\system32\vturrpo.dll 
C:\WINDOWS\system32\mljhiii.dll
C:\WINDOWS\system32\qktbbqia.dll
C:\WINDOWS\system32\nkgejrgv.dll
C:\WINDOWS\system32\bxugciaw.dll 
C:\WINDOWS\system32\yduireda.exe
C:\WINDOWS\system32\wvusrqq.dll
C:\WINDOWS\system32\hggfgef.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\ljjhefc.dll
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\awtsrpp.dll 

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7bf5173-9ba0-44a1-bfa9-8ca566af72a4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
"00a005d9"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lodwwekk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiii]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
+
Dej sem nový log z HJT

pomtom · Příspěvekod **pomtom** » 20 lis 2007 14:22

Jenže když přetáhu txt na combofix, tak mi po chvíli napíše, že to nejde.... a že si mám stáhnout novou kopii

Příspěvekod **fredik** » 20 lis 2007 17:26

Stáhni si Avengera spusť ho pod účtem administrátora.
Zvol možnost - Input script manually a klikni na ikonku lupy, vyskočí prázdné okno kam zkopíruj tento tučný text:
Files to delete:
C:\svchost.exe
C:\x.dat
C:\WINDOWS\system32\tuvwvts.dll
C:\z.dat
C:\WINDOWS\system32\gebaywx.dll
C:\WINDOWS\system32\urqnmlk.dll
C:\Documents and Settings\POM\x.dat
C:\WINDOWS\system32\ljjigef.dll
C:\WINDOWS\system32\vturrpo.dll
C:\WINDOWS\system32\mljhiii.dll
C:\WINDOWS\system32\nkgejrgv.dll
C:\WINDOWS\system32\qktbbqia.dll
C:\WINDOWS\system32\nkgejrgv.dll
C:\WINDOWS\system32\bxugciaw.dll
C:\WINDOWS\system32\yduireda.exe
C:\WINDOWS\system32\wvusrqq.dll
C:\WINDOWS\system32\hggfgef.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\ljjhefc.dll
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\awtsrpp.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7bf5173-9ba0-44a1-bfa9-8ca566af72a4}
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\lodwwekk
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiii

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | 00a005d9
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Host Process
Poté klikni na Done.
Pak klikni na ikonku semafory.
Vyskočí ti hláška kde odklikni Yes. PC se restartuje po restartu by ti měl "vyskočit" výpis z Avengeru tak ho sem zkopíruj.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni si Deckard's System Scanner (DSS) a ulož si ho na plochu
- ukonči všechna aktivní okna a spusť ho
- potvrď licenční podmínky a postupuj podle pokynů
- začne prohlídka systému
- po ukončení kontroly program vytvoří dva logy a zobrazí je: main.txt a extra.txt, tak sem vlož obsah souboru/logu main.txt
- jinak jsou logy uloženy v adresáři: c:\Deckard\System Scanner\

V následujícím příspěvku sem vlož tyto logy/výsledky:
- log z Avengeru
- log z DDS (main.txt)

prosím o kontrolu a o radu Hijack this

prosím o kontrolu a o radu Hijack this

Kdo je online