PC-HELP.CZ

ahoj...kazdy den priblizne 5krat mi vyskoci tabulka viroveho hlaseni a upozornuje me to na reklamni software :Virus ¨Win32:Vundo-gen49(Adw)¨byl nalezen v souboru C:/DOCUME-1/user/LOCALS-1/Temp/uwsvfmxy.dll

cim to muze byt?docela uz mi to otravuje protoze to opravdu nelezne treba i petkrat denne....diky za radu

Zdravím a vítám Tě na fóru: PC-HELP

Vlož sem pro začátek log z HijackThis.

A dal jsi jej odstranit trvale, nebo uložit ap. A co Avast na to?

no avast mi to najde a da mi moznosti prejmenovat/smazat/presunout do truhly-vetsinou to mazu

ten log sem dat nemuzu protoze kdyz pustim exe toho programu tak mi vyskoci chybova hlaska:Instruukce na 0x100abf93 se odkazovala na pamet na 0x00000000. Pamet nemuze byt read.

Zkus si stáhnout program MWAV.exe a sem pak vložit tu část logu s nalezenými problémy.

Zkus přejmenovat stažený soubor HiJackThis.exe třeba na fluffy.bat a pak spusť soubor fluffy.bat a pokračuj podle návodu na HJT a vlož sem příslušný log.

Pokud by i pak nešel spustit tak řekni.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:16, on 10.10.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINNT\system32\internat.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\CDRipUpd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\QIP\qip.exe
C:\WINNT\system32\PnkBstrB.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\user\Plocha\fluffy.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5621007F-BBEE-4674-8077-94C3591DE7C3} - C:\WINNT\system32\khfcbxy.dll
O2 - BHO: (no name) - {5BFD7E35-46CC-42FB-A257-48F80770DE1E} - C:\WINNT\system32\ddayw.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINNT\system32\widfmiux.dll
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINNT\system32\thgkjyba.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINNT\system32\gawldhdp.dll",sitypnow
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [CDRipUpd.exe] C:\WINNT\system32\CDRipUpd.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7690118703
O17 - HKLM\System\CCS\Services\Tcpip\..\{D636C3C4-1089-403F-B528-D2F9E79B12D5}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ddayw - C:\WINNT\system32\ddayw.dll
O20 - Winlogon Notify: khfcbxy - C:\WINNT\SYSTEM32\khfcbxy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINNT\system32\PnkBstrB.exe

--
End of file - 6909 bytes




pak uz to slo kdyz jsem to prejmenoval...dik(jak tohle vsechno vitee?:Dze to prejmenuju a ono to pujde:))

1) Postupuj podle tohoto návodu a vlož sem log z Vundofix. Najdeš ho po proběhnutí programu v tomto souboru: C:\VundoFix.txt

2)Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Poznámka:
Pokud ti po spuštění Combofix Avast zahlásí virus, jedná se o planý poplach. Jak se dostaneš do menu s volbou tak zvol možnost 2 a tím ukončíš Combofix. Pak klikni pravým tlačítkem myši na ikonu Avastu pravo dole a dej: Pozastavit poskytovatele -> Standadní štít a až ho pozastavíš tak teprve spusť Combofix. Po ukončení běhu Combofixu si obnov zpět Standardní štít.

1)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:30, on 11.10.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\mobsync.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINNT\system32\CDRipUpd.exe
C:\Program Files\QIP\qip.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\user\Plocha\fluffy.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [CDRipUpd.exe] C:\WINNT\system32\CDRipUpd.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7690118703
O17 - HKLM\System\CCS\Services\Tcpip\..\{D636C3C4-1089-403F-B528-D2F9E79B12D5}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe

--
End of file - 6692 bytes

ComboFix 07-10-10.1 - user 10.10.2007 20:29:20.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1029.18.82 [GMT 2:00]
Running from: C:\Documents and Settings\user\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\cookies.ini
C:\WINNT\system32\aegfuqtl.ini
C:\WINNT\system32\aikrxsjl.ini
C:\WINNT\system32\ddayw.dll
C:\WINNT\system32\gawldhdp.dll
C:\WINNT\system32\gyibberp.dll
C:\WINNT\system32\hsjlscyl.ini
C:\WINNT\system32\iotibitd.dll
C:\WINNT\system32\jguhdcds.dll
C:\WINNT\system32\khfcbxy.dll
C:\WINNT\system32\kohyjlwq.dll
C:\WINNT\system32\ljkfuajp.dll
C:\WINNT\system32\ljsxrkia.dll
C:\WINNT\system32\ltqufgea.dll
C:\WINNT\system32\lycsljsh.dll
C:\WINNT\system32\oaxgrihl.dll
C:\WINNT\system32\pdhdlwag.ini
C:\WINNT\system32\pjaufkjl.ini
C:\WINNT\system32\prebbiyg.ini
C:\WINNT\system32\qbgfwkrb.dll
C:\WINNT\system32\rjbuhiwg.dll
C:\WINNT\system32\rnpbjous.dll
C:\WINNT\system32\suojbpnr.ini
C:\WINNT\system32\thgkjyba.dll
C:\WINNT\system32\tovpbsjt.dll
C:\WINNT\system32\wyadd.bak1
C:\WINNT\system32\wyadd.bak1
C:\WINNT\system32\wyadd.bak2
C:\WINNT\system32\wyadd.bak2
C:\WINNT\system32\wyadd.ini
C:\WINNT\system32\wyadd.ini
C:\WINNT\system32\xybeg.ini2
C:\WINNT\system32\xybeg.tmp

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-10 20:27 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-10 19:17 11,840 --a------ C:\WINNT\system32\widfmiux.dll
2007-10-10 18:18 11,840 --a------ C:\WINNT\system32\ibsnujff.dll
2007-10-10 17:21 11,840 --a------ C:\WINNT\system32\ahwytgyq.dll
2007-10-10 17:12 11,840 --a------ C:\WINNT\system32\qcqiwsvg.dll
2007-10-10 15:36 11,840 --a------ C:\WINNT\system32\tsgktsqv.dll
2007-10-10 13:48 11,840 --a------ C:\WINNT\system32\pwdnhqmj.dll
2007-10-10 12:48 11,840 --a------ C:\WINNT\system32\esbeqbtd.dll
2007-10-09 18:50 11,840 --a------ C:\WINNT\system32\pbydjdas.dll
2007-10-09 17:47 11,840 --a------ C:\WINNT\system32\iqmyindm.dll
2007-10-09 16:42 11,840 --a------ C:\WINNT\system32\cwlrdybk.dll
2007-10-09 14:39 11,840 --a------ C:\WINNT\system32\fhuxdmny.dll
2007-10-09 13:31 11,840 --a------ C:\WINNT\system32\bguxpnsg.dll
2007-10-09 13:31 11,840 --a------ C:\WINNT\system32\ahcdasop.dll
2007-10-09 12:38 11,840 --a------ C:\WINNT\system32\sdhkuvis.dll
2007-10-09 11:20 11,840 --a------ C:\WINNT\system32\cvbxdiuv.dll
2007-10-09 11:15 11,840 --a------ C:\WINNT\system32\olvuqvlq.dll
2007-10-08 19:44 <DIR> d-------- C:\Program Files\MSECache
2007-10-08 18:57 11,840 --a------ C:\WINNT\system32\bsggwofm.dll
2007-10-08 17:57 11,840 --a------ C:\WINNT\system32\wehevrsy.dll
2007-10-08 16:54 11,840 --a------ C:\WINNT\system32\ydkhwson.dll
2007-10-08 15:48 11,840 --a------ C:\WINNT\system32\iocsgonv.dll
2007-10-08 15:45 11,840 --a------ C:\WINNT\system32\ydymdrxp.dll
2007-10-08 14:51 11,840 --a------ C:\WINNT\system32\ttudtvem.dll
2007-10-08 13:51 11,840 --a------ C:\WINNT\system32\geecyvfb.dll
2007-10-08 13:46 11,840 --a------ C:\WINNT\system32\kdrcjeqx.dll
2007-10-07 18:56 11,840 --a------ C:\WINNT\system32\kyxteooh.dll
2007-10-07 17:56 11,840 --a------ C:\WINNT\system32\bakxxhef.dll
2007-10-07 16:56 11,840 --a------ C:\WINNT\system32\fthyypuf.dll
2007-10-07 15:50 11,840 --a------ C:\WINNT\system32\vupexlvq.dll
2007-10-07 14:47 11,840 --a------ C:\WINNT\system32\dlldbhmm.dll
2007-10-07 13:47 11,840 --a------ C:\WINNT\system32\inwxvhgq.dll
2007-10-07 12:47 11,840 --a------ C:\WINNT\system32\xkncgyia.dll
2007-10-07 11:47 11,840 --a------ C:\WINNT\system32\aldwgsfa.dll
2007-10-07 11:31 <DIR> d-------- C:\Program Files\FDRLab
2007-10-07 10:44 11,840 --a------ C:\WINNT\system32\qvfsxnfv.dll
2007-10-07 09:44 11,840 --a------ C:\WINNT\system32\kowrwclf.dll
2007-10-06 22:04 11,840 --a------ C:\WINNT\system32\jlxubesf.dll
2007-10-06 21:01 11,840 --a------ C:\WINNT\system32\brioskba.dll
2007-10-06 20:07 11,840 --a------ C:\WINNT\system32\pwfpbqpw.dll
2007-10-06 19:01 11,840 --a------ C:\WINNT\system32\dsfuaqxa.dll
2007-10-06 18:01 11,840 --a------ C:\WINNT\system32\tennupwm.dll
2007-10-06 16:58 11,840 --a------ C:\WINNT\system32\vesthqge.dll
2007-10-06 15:55 11,840 --a------ C:\WINNT\system32\hwmoadbf.dll
2007-10-06 14:58 11,840 --a------ C:\WINNT\system32\gxnoxusv.dll
2007-10-06 13:52 11,840 --a------ C:\WINNT\system32\jahdajxb.dll
2007-10-06 13:49 11,840 --a------ C:\WINNT\system32\resfgtjr.dll
2007-10-05 14:23 11,840 --a------ C:\WINNT\system32\mndprgta.dll
2007-10-04 14:23 11,840 --a------ C:\WINNT\system32\ftwtkoen.dll
2007-10-03 14:17 11,840 --a------ C:\WINNT\system32\bnwmklah.dll
2007-10-02 14:17 11,840 --a------ C:\WINNT\system32\efenreeo.dll
2007-10-01 14:02 11,840 --a------ C:\WINNT\system32\uxjlmboc.dll
2007-09-30 14:00 11,840 --a------ C:\WINNT\system32\pkpgxiaj.dll
2007-09-29 15:49 0 -ra------ C:\logwmemory.bin
2007-09-29 15:32 <DIR> d-------- C:\Soldat
2007-09-29 13:54 11,840 --a------ C:\WINNT\system32\vpsvnncf.dll
2007-09-27 13:50 11,840 --a------ C:\WINNT\system32\kvrvkpwo.dll
2007-09-26 15:27 11,840 --a------ C:\WINNT\system32\acyrqnyi.dll
2007-09-25 13:54 11,840 --a------ C:\WINNT\system32\snbjjusm.dll
2007-09-24 13:52 11,840 --a------ C:\WINNT\system32\injysitm.dll
2007-09-23 13:20 91,677 --a------ C:\WINNT\SETUPTS.EXE
2007-09-23 13:17 <DIR> d-------- C:\TERASOFT
2007-09-23 13:16 <DIR> d-------- C:\TS_CJ
2007-09-23 13:16 31,014 --a------ C:\WINNT\SETUP1.EXE
2007-09-23 12:04 11,840 --a------ C:\WINNT\system32\iajboctu.dll
2007-09-22 12:05 11,840 --a------ C:\WINNT\system32\qianhauj.dll
2007-09-21 20:46 <DIR> d-------- C:\Temp
2007-09-21 12:10 11,840 --a------ C:\WINNT\system32\vwugrhuu.dll
2007-09-19 19:36 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-09-19 18:51 11,840 --a------ C:\WINNT\system32\xymsvwbv.dll
2007-09-18 18:51 11,840 --a------ C:\WINNT\system32\gobylhnm.dll
2007-09-18 18:35 <DIR> d-------- C:\Program Files\Hamachi
2007-09-18 18:35 25,544 --a------ C:\WINNT\system32\drivers\hamachi.sys
2007-09-17 13:46 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_248.dat
2007-09-15 10:44 <DIR> d-------- C:\WINNT\QuickRipper
2007-09-15 10:44 <DIR> d-------- C:\Program Files\QuickRipper
2007-09-15 10:32 403,968 --a------ C:\WINNT\system32\NCTWMAFile2.dll
2007-09-15 10:31 <DIR> d-------- C:\Program Files\Okoker Audio Recorder & Editor
2007-09-15 10:17 <DIR> d-------- C:\Program Files\Free CD Rip
2007-09-15 10:17 158,208 --a------ C:\WINNT\system32\CDRipUpd.exe
2007-09-14 18:12 <DIR> d-------- C:\Program Files\WMA To MP3 Plus
2007-09-14 18:03 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-09-14 18:03 737,280 --a------ C:\WINNT\iun6002.exe
2007-09-11 18:05 <DIR> d-------- C:\Program Files\ESTsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 17:50 --------- d-----w C:\Program Files\Call of Duty
2007-10-10 15:50 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
2007-10-05 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 12:22 --------- d-----w C:\Program Files\GamePark
2007-09-15 11:47 --------- d-----w C:\Program Files\uTorrent
2007-09-12 17:29 --------- d-----w C:\Program Files\IrfanView
2007-09-08 20:16 --------- d-----w C:\Program Files\Cenega Czech
2007-09-06 10:05 94,416 ----a-w C:\WINNT\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINNT\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINNT\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINNT\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINNT\system32\drivers\aavmker4.sys
2007-09-04 14:06 --------- d---a-w C:\Program Files\ICQLite
2007-09-04 11:59 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2007-09-02 08:50 --------- d-----w C:\Program Files\BSplayer Pro
2007-08-31 15:55 --------- d-----w C:\Program Files\QuickTime Alternative
2007-08-31 15:55 --------- d-----w C:\Program Files\Media Player Classic
2007-08-30 18:04 --------- d-----w C:\Program Files\Microsoft Works
2007-08-30 18:03 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-25 10:21 --------- d-----w C:\Program Files\DAEMON Tools
2007-08-24 18:27 --------- d-----w C:\Program Files\QIP
2007-08-24 17:26 685,816 ----a-w C:\WINNT\system32\drivers\sptd.sys
2007-08-23 13:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-23 12:52 82,380 ----a-w C:\WINNT\system32\drivers\AFS2K.SYS
2007-08-23 12:52 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-23 10:35 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-08-23 10:06 --------- d-----w C:\Program Files\Zoner
2007-08-23 10:01 --------- d-----w C:\Program Files\Google
2007-08-23 09:21 --------- d-----w C:\Program Files\Nokia
2007-08-23 09:20 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-08-23 09:20 --------- d-----w C:\Program Files\Common Files\Nokia
2007-08-23 08:24 --------- d-----w C:\Program Files\Winamp
2007-08-23 07:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-22 13:41 --------- d-----w C:\Program Files\Sony Ericsson
2007-08-22 13:40 --------- d-----w C:\Program Files\SEMC
2007-08-22 13:36 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-08-22 13:30 97,056 ----a-w C:\WINNT\system32\drivers\W700mdm.sys
2007-08-22 13:30 9,264 ----a-w C:\WINNT\system32\drivers\W700mdfl.sys
2007-08-22 13:30 88,560 ----a-w C:\WINNT\system32\drivers\W700mgmt.sys
2007-08-22 13:30 86,368 ----a-w C:\WINNT\system32\drivers\W700obex.sys
2007-08-22 13:30 61,536 ----a-w C:\WINNT\system32\drivers\W700bus.sys
2007-08-22 13:30 6,208 ----a-w C:\WINNT\system32\drivers\W700cmnt.sys
2007-08-22 13:30 6,208 ----a-w C:\WINNT\system32\drivers\W700cm.sys
2007-08-22 13:30 5,840 ----a-w C:\WINNT\system32\drivers\W700whnt.sys
2007-08-22 13:30 5,840 ----a-w C:\WINNT\system32\drivers\W700wh.sys
2007-08-22 13:28 48,458,980 ----a-w C:\Program Files\Sony Ericsson PC Suite 1.20.173.msi
2007-08-22 13:27 3,584 ----a-w C:\Program Files\1033.MST
2007-08-22 12:10 --------- d-----w C:\Program Files\GRETECH
2007-08-22 11:51 --------- d-----w C:\Program Files\Skype
2007-08-22 11:51 --------- d-----w C:\Program Files\Common Files\Skype
2007-08-22 10:52 --------- d-----w C:\Program Files\Opera
2007-08-22 09:59 --------- d-----w C:\Program Files\Corel
2007-08-22 09:42 --------- d-----w C:\Program Files\Ahead
2007-08-22 09:41 --------- d-----w C:\Program Files\Common Files\Ahead
2007-08-21 20:07 57,344 ----a-w C:\WINNT\uneng.exe
2007-08-21 17:54 --------- d-----w C:\Program Files\VIA
2007-08-21 10:07 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-08-21 10:07 --------- d-----w C:\Program Files\Realtek AC97
2007-08-21 10:07 --------- d-----w C:\Program Files\AvRack
2007-08-21 10:06 --------- d-----w C:\Program Files\IZArc
2007-08-21 09:55 --------- d-----w C:\Program Files\Příslušenství
2007-08-21 09:54 --------- d-----w C:\Program Files\Alwil Software
2007-08-21 09:09 --------- d-----w C:\Program Files\HWiNFO32
2007-08-21 08:59 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 08:57 271 ---h--w C:\Program Files\desktop.ini
2007-08-21 08:57 22,034 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}]
07-10-10 19:17 11840 --a------ C:\WINNT\system32\widfmiux.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [07-06-29 00:43 ]
"nwiz"="nwiz.exe" [07-06-29 00:43 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [07-06-29 00:43 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-09-06 12:06 ]
"SoundMan"="SOUNDMAN.EXE" [06-11-17 05:42 C:\WINNT\soundman.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [05-10-26 16:17 ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [05-03-22 09:39 ]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [05-03-31 09:30 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-09-05 02:00 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07-08-17 03:45 ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [06-07-02 18:29 ]
"CDRipUpd.exe"="C:\WINNT\system32\CDRipUpd.exe" [07-08-11 20:05 ]
"QIP2005"="C:\Program Files\QIP\qip.exe" [07-07-15 12:43 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R0 videX32;videX32;C:\WINNT\system32\DRIVERS\videX32.sys
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINNT\system32\DRIVERS\dwvkbd.sys
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys
R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
R3 DwMirror;DwMirror;C:\WINNT\system32\DRIVERS\DamewareMini.sys
R3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;C:\WINNT\system32\DRIVERS\usbhub20.sys
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINNT\system32\DRIVERS\zebrceb.sys
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINNT\system32\DRIVERS\W700bus.sys
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\W700mdfl.sys
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\W700mdm.sys
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\W700mgmt.sys
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\W700obex.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-23 16:19:10 C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1187885890.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 20:37:05
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_3d0.dat

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-10-10 20:40:45 - machine was rebooted
.
--- E O F ---

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.

* * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si stáhni Mwav, proveď update a vlož sem log ze spodního okna Virus Log Information. Nic v logu nehledej jak je uvedeno v návodu. Nastav si Mwav jak je tady na tom obrázku

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2007 at 12:38 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:48:45

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 5448
Registry threats detected : 4
File items scanned : 26113
File threats detected : 28

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{9E180F3E-3E0E-40BA-AE14-5B0DA4021375}
HKCR\CLSID\{9E180F3E-3E0E-40BA-AE14-5B0DA4021375}
HKCR\CLSID\{9E180F3E-3E0E-40BA-AE14-5B0DA4021375}\InprocServer32
HKCR\CLSID\{9E180F3E-3E0E-40BA-AE14-5B0DA4021375}\InprocServer32#ThreadingModel
C:\WINNT\SYSTEM32\GEBYX.DLL

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@2o7[2].txt
C:\Documents and Settings\user\Cookies\user@adtech[1].txt
C:\Documents and Settings\user\Cookies\user@rambler[2].txt
C:\Documents and Settings\user\Cookies\user@atwola[2].txt
C:\Documents and Settings\user\Cookies\user@stats1.reliablestats[2].txt
C:\Documents and Settings\user\Cookies\user@adultfriendfinder[2].txt
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
C:\Documents and Settings\user\Cookies\user@please[1].txt
C:\Documents and Settings\user\Cookies\user@please[3].txt
C:\Documents and Settings\user\Cookies\user@altastat[1].txt
C:\Documents and Settings\user\Cookies\user@adredired[1].txt
C:\Documents and Settings\user\Cookies\user@windowsmedia[2].txt
C:\Documents and Settings\user\Cookies\user@please[4].txt
C:\Documents and Settings\user\Cookies\user@tradedoubler[2].txt
C:\Documents and Settings\user\Cookies\user@zedo[2].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\user\Cookies\user@toplist[1].txt
C:\Documents and Settings\user\Cookies\user@interclick[2].txt
C:\Documents and Settings\user\Cookies\user@cpvfeed[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.watersoul[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.msi.com[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt