Win32:Dialer-1026[Trj]

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

Sneckie
Level 1
Posts: 83
Registered: April 06
Gender: Male
Status: Offline

Win32:Dialer-1026[Trj]

Post by Sneckie » 25 Aug 2007 12:59

Hi,
today I ran a scan with avast and it found Win32:Dialer-1026[Trj]. Found in a total of 6 files on the disk. Can someone please advise me what to do about it? I'm posting the HJT log here. Thanks in advance for the help. The PC and the internet seem to work fine, except that now and then a window pops up with that stupid ad saying I'm the millionth user and should click on the link, which is probably a consequence of this virus. :evil:

Logfile of HijackThis v1.99.1
Scan saved at 12:55:07, on 25.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Frantisek\Dokumenty\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2FBFCF2-6DA9-476F-B565-EA09CF46AD14}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

iwigirl
newbie
Posts: 44
Registered: April 06
Gender: Not specified
Status: Offline

Post by iwigirl » 25 Aug 2007 13:22

fix this in HijackThis:
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

post a Silent Runners log here, see the guide here: http://viry.cz/forum/viewtopic.php?t=42428

Sneckie
Level 1
Posts: 83
Registered: April 06
Gender: Male
Status: Offline

Post by Sneckie » 25 Aug 2007 21:49

I ran that scan with SilentHunter, so I'm posting the whole copy of the log here :evil:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"OM_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart" ["OLYMPUS IMAGING CORP."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"JMB36X Configure" = "C:\WINDOWS\system32\JMRaidTool.exe boot" ["JMicron Technology Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"9xadiras" = "9xadiras.exe" [file not found]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"amd_dc_opt" = "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" ["AMD"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"OM_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" ["OLYMPUS IMAGING CORP."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray" ["Analog Devices, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozšíření panelu Zobrazení pro panoramatické zobrazení"
-> {HKLM...CLSID} = "Rozšíření panelu Zobrazení pro panoramatické zobrazení"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozšíření ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Panel nástrojů Microsoft pro síť Internet"
-> {HKLM...CLSID} = "Panel nástrojů Microsoft pro síť Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Stav stahování"
-> {HKLM...CLSID} = "Stav stahování"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Rozšířená složka prostředí"
-> {HKLM...CLSID} = "Rozšířená složka prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Search Band"
-> {HKLM...CLSID} = "Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Vyhledávat v podokně"
-> {HKLM...CLSID} = "Vyhledávat v podokně"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Hledání na webu"
-> {HKLM...CLSID} = "Hledání na webu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Nástroj možností registrového stromu"
-> {HKLM...CLSID} = "Nástroj možností registrového stromu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresa"
-> {HKLM...CLSID} = "&Adresa"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Textové pole adresy"
-> {HKLM...CLSID} = "Textové pole adresy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Automatické dokončování Microsoft"
-> {HKLM...CLSID} = "Automatické dokončování Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Automaticky dokončovaný seznam MRU"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Přístupný"
-> {HKLM...CLSID} = "Přístupný"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Automaticky dokončovaný seznam historie"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam historie"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
-> {HKLM...CLSID} = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Kontejner automatického dokončování více seznamů"
-> {HKLM...CLSID} = "Kontejner automatického dokončování více seznamů"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Nabídka serveru pruhu prostředí"
-> {HKLM...CLSID} = "Nabídka serveru pruhu prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Panel plochy aplikací prostředí"
-> {HKLM...CLSID} = "Panel plochy aplikací prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Panel plochy prostředí"
-> {HKLM...CLSID} = "Panel plochy prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Asistence uživatele"
-> {HKLM...CLSID} = "Asistence uživatele"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Globální nastavení složek"
-> {HKLM...CLSID} = "Globální nastavení složek"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozšíření ikon souborů aplikace Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
<<!>> "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Proces mezipaměti kategorií součástí"
-> {HKLM...CLSID} = "Proces mezipaměti kategorií součástí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Nebe.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Nebe.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Frantisek" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
"DSLMON" -> shortcut to: "C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe" [empty string]


Enabled Scheduled Tasks:
------------------------

"At1" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At10" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At11" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At12" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At13" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At14" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At15" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At16" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At17" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At18" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At19" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At2" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At20" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At21" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At22" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At23" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At24" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At3" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At4" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At49" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At5" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At50" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At51" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At52" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At53" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At54" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At55" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At56" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At57" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At58" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At59" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At6" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At60" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At61" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At62" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At63" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At64" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At65" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At66" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At67" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At68" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At69" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At7" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At70" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At71" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At72" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At8" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At9" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informací"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Zdroje informací"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2007-08-25 21:45:59)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 34 seconds, including 12 seconds for message boxes)

sakiri
Level 3.5
Posts: 747
Registered: June 06
Gender: Not specified
Status: Offline

Post by sakiri » 25 Aug 2007 22:20

SilentRunners found junk, please use ComboFix:
Download ComboFix, save it to the desktop, close all open windows and run it.
Follow the instructions; while ComboFix is running, don't click into the window that appears, because that can stop the process.
When it finishes, a log is created, so copy its contents here.
(It is possible that the computer will restart; that will be because ComboFix found infected files and restarts the PC in order to delete them.)
Administrator rights are required to run ComboFix.
Otherwise, ComboFix's log is located at C:\ComboFix.txt
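The two logs posted above contain the three indicators the helpers act on: a BHO DLL dropped directly into C:\WINDOWS (WebAssist.dll), a Run entry given as a bare file name that Silent Runners reports as not found (9xadiras.exe), and dozens of AtN scheduled tasks all launching one unsigned binary in system32. The script below is an added example, not part of this thread and not code from HijackThis, Silent Runners or ComboFix; it parses sample lines copied from the posted logs (plus one benign task line made up for contrast) and flags those three patterns. The function names, the regular expressions and the default Windows directory are the example's own assumptions.

```python
"""Triage of HijackThis and Silent Runners lines (added example, not a project tool)."""
import re
from collections import defaultdict

# Constructed sample: O2/O4 lines copied from the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Constructed sample: task lines copied from the Silent Runners log in the thread,
# plus one benign "Nightly backup" line made up here for contrast.
SR_TASKS_SAMPLE = r"""
"At1" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At10" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At2" -> launches: "C:\WINDOWS\system32\xQA82Vf3.exe" [null data]
"At49" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"At50" -> launches: "C:\WINDOWS\system32\winmds.exe" [file not found]
"Nightly backup" -> launches: "C:\Program Files\Backup\backup.exe" ["Example Vendor"]
"""

# Line formats as printed by the two tools (regexes are this example's own).
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
TASK_RE = re.compile(r'^"(?P<task>[^"]+)" -> launches: "(?P<path>[^"]+)" \[(?P<sig>[^\]]*)\]$')

# Silent Runners prints these instead of a publisher when it cannot verify a file.
UNVERIFIED = ('null data', 'file not found')


def bhos_in_windows_root(log, windir=r'C:\WINDOWS'):
    """Return (name, path) for BHOs whose DLL sits directly in the Windows directory.

    Legitimate BHOs install under Program Files; a DLL dropped straight into
    C:\\WINDOWS, as WebAssist.dll is here, is the typical adware placement.
    """
    hits = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m and m.group('path').rsplit('\\', 1)[0].lower() == windir.lower():
            hits.append((m.group('name'), m.group('path')))
    return hits


def run_entries_without_path(log):
    """Return (hive, name, executable) for O4 Run entries stored as a bare file name.

    HijackThis shows the command as stored; without a directory the file cannot be
    located from the log, so such entries are marked for verification (Silent
    Runners resolves them and prints the publisher or [file not found]).
    """
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        exe = m.group('cmd').split()[0].strip('"')
        if '\\' not in exe:
            hits.append((m.group('hive'), m.group('name'), exe))
    return hits


def scheduled_task_clusters(log, min_tasks=2):
    """Group Silent Runners scheduled tasks by target and return the unverified clusters.

    Each result is (path, signer_field, sorted task names) for a target launched by at
    least min_tasks tasks whose signer field is [null data] or [file not found]; many
    AtN jobs pointing at one such binary is the persistence pattern in this thread.
    """
    by_target, signer = defaultdict(list), {}
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            by_target[m.group('path')].append(m.group('task'))
            signer[m.group('path')] = m.group('sig')
    return sorted(
        (path, signer[path], sorted(tasks))
        for path, tasks in by_target.items()
        if len(tasks) >= min_tasks and signer[path] in UNVERIFIED
    )


def main():
    for name, path in bhos_in_windows_root(HJT_SAMPLE):
        print(f'[BHO in Windows root] {name}: {path}')
    for hive, name, exe in run_entries_without_path(HJT_SAMPLE):
        print(f'[Run entry needs verification] {hive} {name}: {exe}')
    for path, sig, tasks in scheduled_task_clusters(SR_TASKS_SAMPLE):
        print(f'[{len(tasks)} tasks -> unverified target] {path} [{sig}]: {", ".join(tasks)}')


if __name__ == '__main__':
    main()
```

Running the script prints one line per finding. The bare-file-name check deliberately also reports nwiz.exe, which the Silent Runners log resolves to a signed NVIDIA file: that check marks entries for verification against the resolved log rather than declaring them malicious, while the task-cluster check is the one that isolates xQA82Vf3.exe and winmds.exe on its own.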

Sneckie
Level 1
Posts: 83
Registered: April 06
Gender: Male
Status: Offline

Post by Sneckie » 26 Aug 2007 08:55

ComboFix output:

ComboFix 07-08-25.2 - "Frantisek" 2007-08-26 8:50:40.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.662 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\xQA82Vf3.exe
C:\WINDOWS\Tasks.\At10.job
C:\WINDOWS\Tasks.\At11.job
C:\WINDOWS\Tasks.\At12.job
C:\WINDOWS\Tasks.\At13.job
C:\WINDOWS\Tasks.\At14.job
C:\WINDOWS\Tasks.\At15.job
C:\WINDOWS\Tasks.\At16.job
C:\WINDOWS\Tasks.\At17.job
C:\WINDOWS\Tasks.\At18.job
C:\WINDOWS\Tasks.\At19.job
C:\WINDOWS\Tasks.\At20.job
C:\WINDOWS\Tasks.\At21.job
C:\WINDOWS\Tasks.\At22.job
C:\WINDOWS\Tasks.\At23.job
C:\WINDOWS\Tasks.\At24.job
C:\WINDOWS\Tasks.\At3.job
C:\WINDOWS\Tasks.\At4.job
C:\WINDOWS\Tasks.\At5.job
C:\WINDOWS\Tasks.\At6.job
C:\WINDOWS\Tasks.\At7.job
C:\WINDOWS\Tasks.\At8.job
C:\WINDOWS\WebAssist.dll


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 08:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 13:16 <DIR> d-------- C:\Program Files\CCleaner
2007-08-22 16:55 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-08-22 16:55 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-22 16:55 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-08-22 16:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-08-19 21:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-17 10:13 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-08-17 10:13 35,080 --a------ C:\WINDOWS\DIIUnin.dat
2007-08-17 10:13 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-08-17 09:54 <DIR> d-------- C:\Program Files\Diablo II


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 22:53 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Xfire
2007-08-22 22:34 --------- d-------- C:\Program Files\PowerISO
2007-08-22 16:58 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Sony
2007-08-22 16:58 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Publish Providers
2007-08-22 16:57 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Azureus
2007-08-22 10:58 --------- d---s---- C:\Program Files\Xfire
2007-08-02 14:30 --------- d-------- C:\Program Files\World of Warcraft
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-16 09:50 --------- d-------- C:\Program Files\Nvu
2007-07-16 09:50 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Nvu
2007-07-13 14:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-13 13:07 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-13 13:07 --------- dr-h----- C:\DOCUME~1\FRANTI~1\DATAAP~1\SecuROM
2007-07-12 09:12 81920 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-07-06 19:59 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-07-06 19:59 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\teamspeak2
2007-07-03 13:49 --------- d-------- C:\Program Files\DivX
2007-07-03 13:49 --------- d-------- C:\Program Files\AC3Filter
2007-06-27 11:57 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Command & Conquer 3 Tiberium Wars Demo


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-07 08:49]
"nwiz"="nwiz.exe" [2007-03-07 08:49 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-07 08:49]
"9xadiras"="9xadiras.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-10 16:07]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [2006-04-10 09:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


Contents of the 'Scheduled Tasks' folder
2007-08-25 22:01:00 C:\WINDOWS\Tasks\At1.job
2007-08-25 23:01:00 C:\WINDOWS\Tasks\At2.job
2007-08-25 22:00:00 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\winmds.exe
2007-08-25 23:00:00 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At56.job
2007-08-26 06:00:00 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At59.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\winmds.exe
2007-08-25 11:00:00 C:\WINDOWS\Tasks\At62.job
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At63.job
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At64.job
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At65.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At69.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:17 C:\WINDOWS\Tasks\At70.job - C:\WINDOWS\system32\winmds.exe
2007-08-25 20:00:00 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\winmds.exe
2007-08-25 21:00:00 C:\WINDOWS\Tasks\At72.job - C:\WINDOWS\system32\winmds.exe
2007-08-26 06:01:00 C:\WINDOWS\Tasks\At9.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 08:52:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-08-26 8:53:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 08:53

--- E O F ---


Post by sakiri » 26 Aug 2007 10:14

For this step you need to have ComboFix on the desktop; you should already have it downloaded there.

1. Start Notepad via Start - Programs - Accessories and copy the entire text from the white box below into it:


Code:

File::
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At9.job


Then go to File -> Save As -> in the File name line type: CFScript.txt
For Save as type, select *all files
And save it to the desktop.

2. Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix program and, when the two files overlap, drop the script
- ComboFix will start automatically
- After it starts, the terms of use are shown; confirm them by pressing the 1 key
- Follow the instructions; while ComboFix is running, do not click in the window it shows
- After the cleaning process finishes and the computer possibly restarts, a log should appear. Otherwise it is located at C:\ComboFix.txt
- Copy its entire contents here
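The manual step above (reading the At*.job batch out of the ComboFix "Scheduled Tasks" section and turning it into a CFScript) can be mechanised for triage. The following Python is an added example, not part of this thread or of ComboFix; the sample log excerpt, the "three or more At jobs launching one binary" threshold and all function names are my own constructions.

```python
"""Triage helper (added example): pull the 'Scheduled Tasks' section out of a
ComboFix log, flag a batch of auto-numbered AtN.job tasks that share one
target binary, and render the File:: block of a CFScript for them."""
import re
from collections import defaultdict

# Constructed sample modelled on this thread's log; 'Example Updater' is a made-up benign task.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2007-08-25 22:01:00 C:\WINDOWS\Tasks\At1.job
2007-08-25 22:00:00 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\winmds.exe
2007-08-25 23:00:00 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\winmds.exe
2007-08-24 20:51:16 C:\WINDOWS\Tasks\At56.job
2007-08-26 06:00:00 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\winmds.exe
2007-08-26 03:00:00 C:\WINDOWS\Tasks\Example Updater.job - C:\Program Files\Example\updater.exe
"""

JOB_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+?\.job)(?: - (.+))?$")
AT_JOB = re.compile(r"\\At(\d+)\.job$", re.IGNORECASE)  # at.exe's auto-numbered job names

def parse_tasks(log_text):
    """Return [(job_path, target_or_None), ...]; the section ends at the first non-entry line."""
    tasks, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if in_section:
            m = JOB_LINE.match(line.strip())
            if not m:
                break
            tasks.append((m.group(2), m.group(3)))
    return tasks

def find_at_job_campaign(tasks, min_jobs=3):
    """Flag targets launched by >= min_jobs AtN.job tasks (threshold is an assumption).
    Returns (all AtN.job paths in numeric order, flagged targets); orphan At jobs are kept too."""
    at_jobs = [(p, t) for p, t in tasks if AT_JOB.search(p)]
    by_target = defaultdict(list)
    for path, target in at_jobs:
        if target:
            by_target[target].append(path)
    targets = sorted(t for t, paths in by_target.items() if len(paths) >= min_jobs)
    if not targets:
        return [], []
    jobs = sorted((p for p, _ in at_jobs), key=lambda p: int(AT_JOB.search(p).group(1)))
    return jobs, targets

def build_cfscript(jobs, targets):
    """Render the File:: block in the form used in this thread: target binary first, then the jobs."""
    return "\n".join(["File::", *targets, *jobs]) + "\n"

if __name__ == "__main__":
    print(build_cfscript(*find_at_job_campaign(parse_tasks(SAMPLE_LOG))))
```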


Post by Sneckie » 26 Aug 2007 10:40

8)

ComboFix 07-08-25.2 - "Frantisek" 2007-08-26 10:37:58.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.735 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Frantisek\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At9.job


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At9.job


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 08:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 13:16 <DIR> d-------- C:\Program Files\CCleaner
2007-08-22 16:55 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-08-22 16:55 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-22 16:55 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-08-22 16:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-08-19 21:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-17 10:13 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-08-17 10:13 35,080 --a------ C:\WINDOWS\DIIUnin.dat
2007-08-17 10:13 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-08-17 09:54 <DIR> d-------- C:\Program Files\Diablo II


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 22:53 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Xfire
2007-08-22 22:34 --------- d-------- C:\Program Files\PowerISO
2007-08-22 16:58 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Sony
2007-08-22 16:58 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Publish Providers
2007-08-22 16:57 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Azureus
2007-08-22 10:58 --------- d---s---- C:\Program Files\Xfire
2007-08-02 14:30 --------- d-------- C:\Program Files\World of Warcraft
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-16 09:50 --------- d-------- C:\Program Files\Nvu
2007-07-16 09:50 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Nvu
2007-07-13 14:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-13 13:07 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-13 13:07 --------- dr-h----- C:\DOCUME~1\FRANTI~1\DATAAP~1\SecuROM
2007-07-12 09:12 81920 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-07-06 19:59 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-07-06 19:59 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\teamspeak2
2007-07-03 13:49 --------- d-------- C:\Program Files\DivX
2007-07-03 13:49 --------- d-------- C:\Program Files\AC3Filter
2007-06-27 11:57 --------- d-------- C:\DOCUME~1\FRANTI~1\DATAAP~1\Command & Conquer 3 Tiberium Wars Demo


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-07 08:49]
"nwiz"="nwiz.exe" [2007-03-07 08:49 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-07 08:49]
"9xadiras"="9xadiras.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-10 16:07]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [2006-04-10 09:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 10:38:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 10:39:01
C:\ComboFix-quarantined-files.txt ... 2007-08-26 10:39
C:\ComboFix2.txt ... 2007-08-26 08:53

--- E O F ---


Post by sakiri » 26 Aug 2007 10:46

Great, ComboFix deleted the scheduled tasks.

If you no longer have any problems, that's all.

And on behalf of iwigirl as well: you're welcome.


Post by Sneckie » 26 Aug 2007 10:56

sakiri wrote: Great, ComboFix deleted the scheduled tasks.

If you no longer have any problems, that's all.

And on behalf of iwigirl as well: you're welcome.


Thank you very much... hopefully the junk is gone now :bigups:


Post by Sneckie » 26 Aug 2007 23:23

Hm, everything seemed to be OK... I don't have any problems any more, except that out of nowhere, while I'm connected, the whole internet connection drops and a window pops up saying: Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

I had it show the error report details and it gave me: C:\DOCUME~1\FRANTI~1\LOCALS~1\Temp\WER1db8.dir00\svchost.exe.mdmp
C:\DOCUME~1\FRANTI~1\LOCALS~1\Temp\WER1db8.dir00\appcompat.txt


When I click the "Don't Send" option, the whole connection drops immediately and I can't dial it again (when I click the ADSL dial-up connection, the dialog just flashes and I'm out of luck)... all I can do is restart the PC, and only then can I dial and use the internet again. I don't know what to do about it :(


Post by sakiri » 27 Aug 2007 10:03

Install these two patches:
http://www.microsoft.com/downloads/deta ... AD4E049C48
http://download.microsoft.com/download/ ... 86-CSY.exe

Then tell me whether the patches helped.


Post by Sneckie » 27 Aug 2007 13:18

sakiri wrote: Install these two patches:
http://www.microsoft.com/downloads/deta ... AD4E049C48
http://download.microsoft.com/download/ ... 86-CSY.exe

Then tell me whether the patches helped.


Yep, everything OK... it seems :bigups: thanks again

