System allert

[meridian.c]

Dobrý den,

potřebovala bych poradit s problémem s vyskakujícím oknem System Allert.
Už jsem skenovala celý komp superantispy warem. A pořád se to tam objevuje.
V kurýrní službě jsem nastavila zákaz.
A přesto se pořád objevuje jakási blikající ikona - System Allert,
chce to přepnout na nějaký web a stáhnout tam něco, pravděpodobně viry apod.

Ještě mě napadlo se podívat do nastavení připojení na net.
Byla tam dána jako domovská adresa adresa toho serveru, ze kterého mi vyskakuje
to varování, dala jsem tam změnit domovskou adr. na about: blank
A ted mi tu vyskakuje okno varovani od superantispyware, že se někdo snaží
zase mi dát zpět tu domovskou adresu přes ten špatný server.. A musím odklikávat
do not allow this change.

Prosím, pomůže mi s tím někdo? Mám antivirový program - NOD32

Děkuji moooooc předem!

Výpis z hijackthis je nyní:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:44, on 21.2.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ostatní\Plocha\HIJ\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SXG Advisor - {81F4697D-617D-40B4-85BA-C7684D9BC543} - C:\WINDOWS\dmdvpnvmq.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: emotigt - {B2F479AD-17DE-4F73-B844-7CF69003B916} - C:\WINDOWS\emotigt.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Unldr16] c:\windows\system32\unldr16.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t.....p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: cinternet - {DB313088-41A3-4D68-9076-698C73DDEE77} - C:\Documents and Settings\Ostatní\Nabídka Start\Programy\cinternet\cinternet.lnk (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/b.....057_XP.cab
O16 - DPF: {AD688740-5246-40C3-AF27-090006046834} - http://v-nature.biz/e/tshomer/tshomer.exe
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/b.....058_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/.....073_XP.cab
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/b.....062_XP.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/downloa....._1_6_0.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/toolbar.CAB
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/b....._EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D7A085-8106-4060-94B9-A5D8B5508B0B}: NameServer = 62.84.128.6
O18 - Filter hijack: text/html - {4C2EAFBF-7262-487A-BD6A-EE2EEFD8BED0} - C:\Documents and Settings\Ostatní\Local Settings\Data aplikací\microsoft\internet explorer\V0.39.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: admgcx - {F6274F7A-6A78-4300-B763-7CC59FD3AD79} - C:\WINDOWS\admgcx.dll
O21 - SSODL: bdmanager - {CCCACB02-7121-4336-9B40-45BDDD21AD66} - C:\WINDOWS\bdmanager.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

[Reklama]

[memphisto]

Vítej na fóru PC-HELP.CZ

nezakládej prosím více stejných témat! pokračuj tady. vyčkej na rady

prosím o LOCK tady toho: viewtopic.php?t=24449

[Baron Prášil]

tak vítej na fóru
tento log je z počítače,který již není tvůj. je virů

vypni obnovu systému
pravím na Tento počítač>vlastnosti>obnova systému a zaškrtni a ok a potvrdit

začneme tím,že zkontroluješ jestli máš zapnutej firewall ve windows(ovl.panely)

ty nody tam máš dva najednou-starej i novej,běž do ovl.panelů>přidat odebrat a odinstaluj
Antivirový systém NOD32

po tom restartu,vypni štít toho novýho noda a použij tyto dva nástroje
COMBOFIX
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).

Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.

Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt+ pošli nový HJT log.

udělej co pude,co nepude přeskoč,pošli logy a povídání

(musím tě,již bez legrace upozornit,že toto je skutečně unikum a já ti při nejlepší vůli nemůžu zaručit
že se komp bude po likvidaci šmejdů chovat jako novej a je v tomto případě asi více než jen zanedbatelná teoretická možnost,že bude nakonec stejně třeba přeinstal)

[meridian.c]

Ahoj Barone

Díky moc za pomoc..

Za chvíli se vypravím k tomu nakaženému miminku a věřím,
že zvládnu vše, co si mi tu popsal.

Je to peklo

[meridian.c]

ComboFix 08-02-22 - Ostatní 2008-02-22 10:03:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.57 [GMT 1:00]Running from: C:\Documents and Settings\Ostatní\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Ostatnˇ\Plocha\Error Cleaner.url
C:\Documents and Settings\Ostatnˇ\Plocha\Privacy Protector.url
C:\Documents and Settings\Ostatní\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Ostatní\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Ostatní\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Ostatní\Plocha\Spyware&Malware Protection.url
C:\Program Files\DDM
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.htmlx
C:\Program Files\mailskinner
C:\Program Files\mailskinner\anim_0.gif
C:\Program Files\mailskinner\anim_help.gif
C:\Program Files\mailskinner\OESkinner.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\000128A3
C:\Program Files\MyWebSearch\bar\Cache\000156E0.bin
C:\Program Files\MyWebSearch\bar\Cache\000173E6.bin
C:\Program Files\MyWebSearch\bar\Cache\00019260.bin
C:\Program Files\MyWebSearch\bar\Cache\0001A2D8
C:\Program Files\MyWebSearch\bar\Cache\0001A4B8.bin
C:\Program Files\MyWebSearch\bar\Cache\0001CE3A.bin
C:\Program Files\MyWebSearch\bar\Cache\0001F359.bin
C:\Program Files\MyWebSearch\bar\Cache\001650AA
C:\Program Files\MyWebSearch\bar\Cache\0016BA67
C:\Program Files\MyWebSearch\bar\Cache\0016C565
C:\Program Files\MyWebSearch\bar\Cache\002DD3A2.bin
C:\Program Files\MyWebSearch\bar\Cache\00374DB3.bin
C:\Program Files\MyWebSearch\bar\Cache\0037612E.bin
C:\Program Files\MyWebSearch\bar\Cache\00376F2F.bin
C:\Program Files\MyWebSearch\bar\Cache\0049FDCE
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\egdaccess.inf
C:\WINDOWS\Downloaded Program Files\netslv32.inf
C:\WINDOWS\msskinner
C:\WINDOWS\msskinner\msbackup.dat
C:\WINDOWS\system32\eoyjghpfzl.dat
C:\WINDOWS\system32\eoyjghpfzl_nav.dat
C:\WINDOWS\system32\eoyjghpfzl_navps.dat

----- BITS: Possible infected sites -----

hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-21 15:22 . 2008-02-21 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-02-21 15:21 . 2008-02-21 18:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 15:21 . 2008-02-21 15:21 <DIR> d-------- C:\Documents and Settings\Ostatní\Data aplikací\SUPERAntiSpyware.com
2008-02-21 15:21 . 2008-02-21 15:21 <DIR> d-------- C:\Documents and Settings\Ostatní\Data aplikací\SUPERAntiSpyware.com
2008-02-21 15:21 . 2008-02-21 15:21 <DIR> d-------- C:\Documents and Settings\Ostatní\Data aplikací\SUPERAntiSpyware.com
2008-02-21 14:54 . 2008-02-21 14:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 14:10 . 2008-02-21 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-21 13:50 . 2008-02-21 13:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-21 13:45 . 2008-02-21 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-02-20 10:38 . 2008-02-20 10:38 <DIR> d-------- C:\Program Files\Hide IP Platinum2
2008-02-20 10:36 . 2008-02-20 00:04 344,064 --a------ C:\WINDOWS\dmdvpnvmq.dll
2008-02-20 10:36 . 2008-02-20 00:04 286,720 --a------ C:\WINDOWS\bdmanager.dll
2008-02-20 10:36 . 2008-02-20 00:04 249,856 --a------ C:\WINDOWS\admgcx.dll
2008-02-20 10:36 . 2008-02-20 00:04 221,184 --a------ C:\WINDOWS\emotigt.dll
2008-02-20 10:36 . 2008-02-20 00:04 94,208 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-20 08:44 . 2008-02-20 08:44 32 --a------ C:\WINDOWS\go
2008-02-07 19:43 . 2008-02-14 19:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-07 19:43 . 2008-02-07 19:43 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 15:01 --------- d-----w C:\Program Files\Common Files\CMEII
2008-02-21 13:10 --------- d-----w C:\Program Files\ESET
2008-02-09 13:51 --------- d-----w C:\Program Files\DC++
2008-01-25 17:16 --------- d-----w C:\Program Files\ICQ6
2008-01-24 19:49 --------- d-----w C:\Documents and Settings\Ostatní\Data aplikací\ICQ
2008-01-24 19:49 --------- d-----w C:\Documents and Settings\Ostatní\Data aplikací\ICQ
2008-01-24 19:49 --------- d-----w C:\Documents and Settings\Ostatní\Data aplikací\ICQ
2006-10-06 16:11 1,355,912 ----a-w C:\Documents and Settings\Ostatní\install_flash_player.exe
2006-10-06 16:11 1,355,912 ----a-w C:\Documents and Settings\Ostatní\install_flash_player.exe
2006-07-15 21:10 11,007,760 ----a-w C:\Documents and Settings\Ostatní\setupcze.exe
2006-07-15 21:10 11,007,760 ----a-w C:\Documents and Settings\Ostatní\setupcze.exe
2006-05-13 10:38 6,078,464 ----a-w C:\Documents and Settings\Ostatní\icq5_1_setup.exe
2006-05-13 10:38 6,078,464 ----a-w C:\Documents and Settings\Ostatní\icq5_1_setup.exe
2005-03-01 17:13 4,275,280 ----a-w C:\Documents and Settings\Ostatní\icq5_setup.exe
2005-03-01 17:13 4,275,280 ----a-w C:\Documents and Settings\Ostatní\icq5_setup.exe
2005-01-20 13:16 1,690 ----a-w C:\Program Files\INSTALL.LOG
1999-08-26 07:38 96,935 ------w C:\Program Files\readme.html
1998-03-24 11:10 3,824 ------w C:\Program Files\newdaisy.gif
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81F4697D-617D-40B4-85BA-C7684D9BC543}]
2008-02-20 00:04 344064 --a------ C:\WINDOWS\dmdvpnvmq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{8E718888-423F-11D2-876E-00A0C9082467}
{B2F479AD-17DE-4F73-B844-7CF69003B916}

[HKEY_CLASSES_ROOT\clsid\{b2f479ad-17de-4f73-b844-7cf69003b916}]
[HKEY_CLASSES_ROOT\emotigt.1]
[HKEY_CLASSES_ROOT\TypeLib\{46BE135C-8A32-46C9-9420-3018DF1BC3CB}]
[HKEY_CLASSES_ROOT\emotigt]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 17:05 13312]
"WebCamRT.exe"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
"Unldr16"="c:\windows\system32\unldr16.exe" [ ]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"T-Mobile Communication Centre"="C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe" [2007-02-21 14:28 928448]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31 61440]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 14:19 4640768]
"nwiz"="nwiz.exe" [2003-05-02 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 11:38 286720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-05 15:45 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [ ]
"hgfedcba"="c:\windows\system32\hgfedcba.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 17:05 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-11-27 15:48 52224 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"= {F6274F7A-6A78-4300-B763-7CC59FD3AD79} - C:\WINDOWS\admgcx.dll [2008-02-20 00:04 249856]
"bdmanager"= {CCCACB02-7121-4336-9B40-45BDDD21AD66} - C:\WINDOWS\bdmanager.dll [2008-02-20 00:04 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 atm;NettGain 1200 ATM;C:\WINDOWS\System32\drivers\atm.sys [2005-10-06 17:58]
R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 TSM;TSM Driver - Layered Version;C:\WINDOWS\System32\drivers\tsm.sys [2005-10-26 10:38]
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\System32\DRIVERS\ethpdrv.sys [2005-09-08 00:18]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 00:35]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2002-12-10 16:53]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 10:05:59
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 10:07:04
ComboFix-quarantined-files.txt 2008-02-22 09:06:50
.
2008-02-22 07:50:18 --- E O F ---





No a teď jdu na ten SDFix[/b]

[meridian.c]

SDFix: Version 1.144

Run by Ostatní on pá 22.02.2008 at 10:26

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Checking Files:

Trojan Files Found:

C:\Documents and Settings\Ostatní\Plocha\Error Cleaner.url - Deleted
C:\Documents and Settings\Ostatní\Plocha\Privacy Protector.url - Deleted
C:\WINDOWS\admgcx.dll - Deleted
C:\WINDOWS\bdmanager.dll - Deleted
C:\WINDOWS\emotigt.dll - Deleted
C:\WINDOWS\fsxloqf.exe - Deleted
C:\WINDOWS\DMDVPN~1.DLL - Deleted
C:\WINDOWS\DMDVPN~1.DLL - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 10:30:19
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\f\1e]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,40,01,00,00,00,00,00,00,11,b1,b8,92,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\f\1e]
"DisplayName"="\x010ce\x161tina do Hide IP Platinum 3.21"
"UninstallString"="C:\Program Files\Hide IP Platinum2\Odinstalovat.exe"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!

[meridian.c]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:37, on 22.2.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ostatní\Plocha\HIJ\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Unldr16] c:\windows\system32\unldr16.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: cinternet - {DB313088-41A3-4D68-9076-698C73DDEE77} - C:\Documents and Settings\Ostatní\Nabídka Start\Programy\cinternet\cinternet.lnk (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {AD688740-5246-40C3-AF27-090006046834} - http://v-nature.biz/e/tshomer/tshomer.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/toolbar.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D7A085-8106-4060-94B9-A5D8B5508B0B}: NameServer = 62.84.128.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 7524 bytes

[meridian.c]

Udělala jsem vše, jak jsem dostala v instrukcích.

Už tu varování system allert nevyskakuje, už ani nevyskakuje to
okno exploreru, ze kterého to chtělo cosi stahovat.
Ani tu už nevyskakuje žluté okno, které mě strašně varovalo o
infekci, kterou můžu vyléčit pouze kliknutím na ANO..

[Baron Prášil]

tady asi přizveme ke konzultaci římskokatolickou církev-protože tohle je zázrak!(viz.hořící keř )

fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O4 - HKCU\..\Run: [Unldr16] c:\windows\system32\unldr16.exe
O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t.....p=ZNfox000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {AD688740-5246-40C3-AF27-090006046834} - http://v-nature.biz/e/tshomer/tshomer.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/downloa....._1_6_0.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/toolbar.CAB

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\dmdvpnvmq.dll
C:\WINDOWS\bdmanager.dll
C:\WINDOWS\admgcx.dll
C:\WINDOWS\emotigt.dll
C:\WINDOWS\fsxloqf.exe
c:\windows\system32\unldr16.exe
c:\windows\system32\hgfedcba.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81F4697D-617D-40B4-85BA-C7684D9BC543}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unldr16"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hgfedcba"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"=-
"bdmanager"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+log z hijackthis+info ochování kompu

[meridian.c]

ComboFix 08-02-22 - Ostatní 2008-02-22 11:19:50.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.70 [GMT 1:00]
Running from: C:\Documents and Settings\Ostatní\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ostatní\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-22 10:24 . 2008-02-22 10:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-22 10:17 . 2008-02-22 10:33 <DIR> d-------- C:\SDFix
2008-02-21 15:22 . 2008-02-21 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-02-21 15:21 . 2008-02-21 18:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 15:21 . 2008-02-21 15:21 <DIR> d-------- C:\Documents and Settings\Ostatní\Data aplikací\SUPERAntiSpyware.com
2008-02-21 15:21 . 2008-02-21 15:21 <DIR> d-------- C:\Documents and Settings\Ostatní\Data aplikací\SUPERAntiSpyware.com
2008-02-21 15:21 . 2008-02-21 15:21 <DIR> d-------- C:\Documents and Settings\Ostatní\Data aplikací\SUPERAntiSpyware.com
2008-02-21 14:54 . 2008-02-21 14:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 14:10 . 2008-02-21 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-21 13:50 . 2008-02-21 13:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-21 13:45 . 2008-02-21 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-02-20 10:38 . 2008-02-20 10:38 <DIR> d-------- C:\Program Files\Hide IP Platinum2
2008-02-20 08:44 . 2008-02-20 08:44 32 --a------ C:\WINDOWS\go
2008-02-07 19:43 . 2008-02-14 19:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-07 19:43 . 2008-02-07 19:43 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 15:01 --------- d-----w C:\Program Files\Common Files\CMEII
2008-02-21 13:10 --------- d-----w C:\Program Files\ESET
2008-02-09 13:51 --------- d-----w C:\Program Files\DC++
2008-01-25 17:16 --------- d-----w C:\Program Files\ICQ6
2008-01-24 19:49 --------- d-----w C:\Documents and Settings\Ostatní\Data aplikací\ICQ
2008-01-24 19:49 --------- d-----w C:\Documents and Settings\Ostatní\Data aplikací\ICQ
2008-01-24 19:49 --------- d-----w C:\Documents and Settings\Ostatní\Data aplikací\ICQ
2006-10-06 16:11 1,355,912 ----a-w C:\Documents and Settings\Ostatní\install_flash_player.exe
2006-10-06 16:11 1,355,912 ----a-w C:\Documents and Settings\Ostatní\install_flash_player.exe
2006-07-15 21:10 11,007,760 ----a-w C:\Documents and Settings\Ostatní\setupcze.exe
2006-07-15 21:10 11,007,760 ----a-w C:\Documents and Settings\Ostatní\setupcze.exe
2006-05-13 10:38 6,078,464 ----a-w C:\Documents and Settings\Ostatní\icq5_1_setup.exe
2006-05-13 10:38 6,078,464 ----a-w C:\Documents and Settings\Ostatní\icq5_1_setup.exe
2005-03-01 17:13 4,275,280 ----a-w C:\Documents and Settings\Ostatní\icq5_setup.exe
2005-03-01 17:13 4,275,280 ----a-w C:\Documents and Settings\Ostatní\icq5_setup.exe
2005-01-20 13:16 1,690 ----a-w C:\Program Files\INSTALL.LOG
1999-08-26 07:38 96,935 ------w C:\Program Files\readme.html
1998-03-24 11:10 3,824 ------w C:\Program Files\newdaisy.gif
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 17:05 13312]
"WebCamRT.exe"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"T-Mobile Communication Centre"="C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe" [2007-02-21 14:28 928448]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[meridian.c]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:45, on 22.2.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ostatní\Plocha\HIJ\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: cinternet - {DB313088-41A3-4D68-9076-698C73DDEE77} - C:\Documents and Settings\Ostatní\Nabídka Start\Programy\cinternet\cinternet.lnk (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D7A085-8106-4060-94B9-A5D8B5508B0B}: NameServer = 62.84.128.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6892 bytes

[meridian.c]

Zdá se, že se chová docela normálně.

Nepozoruji, že by byl nějak pomalý. Programy snad také
pracují v celku normálně.

Žádné varovné a vykakovácí okna... Nic..

Zatím nepozoruji nic neobvyklého..

Jinak jsi teda tak trošku profi machýrek


A mám za co děkovat...