PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Chybová hláška - pravděpodobně infekce+HJT

https://pc-help.cnews.cz/viewtopic.php?f=47&t=28129

Stránka 1 z 1

Chybová hláška - pravděpodobně infekce+HJT

Napsal: 07 čer 2008 17:18
od fidis
Ahoj

V poslední době mě doslova ubíjí tato hláška:

Obrázek

Oběvuje se při procházení adresáři či spouštění programů s náhodnou častostí. Awast ani SpyDoctor si s problémem nic nenašli, posloužil až mwav

tohle mi po testu našel mwav:

Soubor C:\WINDOWS\apsagy.dll je infikovaný virem Trojan.Win32.Inject.coe !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\apsagy.dll je infikovaný virem Trojan.Win32.Inject.coe !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\apsagy.dll je infikovaný virem Trojan.Win32.Inject.coe !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DOCUME~1\user\LOCALS~1\Temp\A11-tmpaASI.exe//PE_Patch.UPX//UPX je infikovaný virem Trojan.Win32.Inject.coe !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\user\Dokumenty\Hudba\andrew spence.mp3 je infikovaný virem Trojan-Downloader.WMA.Wimad.n !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\user\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\dfbswxxv.default\Cache\4499FF9Fd01//data0003 indentifikován jako "not-a-virus:FraudTool.Win32.IeDefender.cy". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\user\Local Settings\Temp\A11-tmpaASI.exe//PE_Patch.UPX//UPX je infikovaný virem Trojan.Win32.Inject.coe !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\apsagy.dll je infikovaný virem Trojan.Win32.Inject.coe !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\247880\247880.dll//PE_Patch.UPX//UPX indentifikován jako "not-a-virus:AdWare.Win32.E404.co". Provedené akce: Ponecháno, neodstraněno!.


a zde je log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:13, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\user\Plocha\DC\StrongDC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\user\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\user\LOCALS~1\Temp\ScanningProcess.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SVC plugin - {7EA5E375-6136-496E-9616-E03B4F9EA1C0} - C:\WINDOWS\apsagy.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 9696 bytes

no a to je zatím vše, jinak nic víc nevim. Předem díky za vaší pomoc

Re: Chybová hláška - pravděpodobně infekce

Napsal: 07 čer 2008 17:26
od ReCall
Hláška píše trojany, něco tam bude, ale je to taková reklama na antispyware.
Počkej na kontrolu logu, připiš do názvu +HJT.

Re: Chybová hláška - pravděpodobně infekce+HJT

Napsal: 08 čer 2008 18:42
od zlobyl
Použij ComboFix:
fredik píše:Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: Chybová hláška - pravděpodobně infekce+HJT

Napsal: 08 čer 2008 20:20
od fidis
Zde je žádaný log:

ComboFix 08-06-07.3 - user 2008-06-08 19:54:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.513 [GMT 2:00]
Running from: C:\Documents and Settings\user\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\smp.bat
C:\WINDOWS\apsagy.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 16:58 . 2008-06-07 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 16:52 . 2008-06-07 16:52 0 --a------ C:\23990098.$$$
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-07 13:50 . 2008-06-08 19:39 50 --a------ C:\WINDOWS\Lic.xxx
2008-06-07 13:48 . 2006-03-02 14:00 147,968 --a------ C:\WINDOWS\R.COM
2008-06-07 13:48 . 2006-03-02 14:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-06-07 12:24 . 2008-06-07 12:24 <DIR> d-------- C:\Program Files\Uniblue
2008-06-06 19:08 . 2008-06-06 19:12 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-06 18:14 . 2008-06-06 18:14 <DIR> d-------- C:\WINDOWS\system32\247880
2008-06-06 17:23 . 2008-06-06 17:23 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-05 15:31 . 2008-06-06 18:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-05 15:31 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-05 15:31 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-05 15:31 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-05 15:31 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-05 14:18 . 2008-06-08 20:00 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-06-02 18:46 . 2008-06-02 18:46 <DIR> d-------- C:\Program Files\Webteh
2008-06-02 17:09 . 2008-06-02 18:55 771 -r-h----- C:\WINDOWS\system32\ttri.dat
2008-06-02 17:07 . 2008-06-02 17:07 <DIR> d-------- C:\Program Files\LANGMaster
2008-05-25 17:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-25 17:27 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-25 17:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-25 17:27 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-25 17:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-25 17:27 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-25 17:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-25 17:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-25 12:25 . 2008-05-25 12:25 <DIR> d-------- C:\Documents and Settings\user\SystemRequirementsLab
2008-05-20 16:30 . 2008-05-30 14:43 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-05-15 20:45 . 2008-05-15 20:45 <DIR> d-------- C:\Documents and Settings\NetworkService\Dokumenty
2008-05-14 14:07 . 2008-05-14 14:07 <DIR> d-------- C:\Program Files\Google
2008-05-11 19:42 . 2008-05-11 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-09 11:39 . 2008-05-09 11:39 <DIR> d-------- C:\Program Files\CodePad
2008-05-09 11:30 . 2008-05-14 13:30 <DIR> d-------- C:\ThiefG
2008-05-08 17:33 . 1996-11-11 08:00 51,472 -ra------ C:\WINDOWS\system32\dllcache\IMAGECFG.EXE
2008-05-08 17:32 . 1996-11-11 08:00 51,472 -ra------ C:\WINDOWS\system32\IMAGECFG.EXE
2008-05-08 13:17 . 2008-05-08 13:17 <DIR> d-------- C:\Thief 2 ¬eçtina
2008-05-08 12:33 . 2008-05-08 12:33 58,151 --a------ C:\WINDOWS\system32\Uninstal.exe
2008-05-08 11:54 . 2008-05-19 18:24 <DIR> d-------- C:\Program Files\Thief2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:13 --------- d-----w C:\Program Files\AV MP3 Player-Morpher
2008-06-07 10:11 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-06-07 09:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 16:58 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys.91082292
2008-05-25 15:17 --------- d-----w C:\Program Files\Ubisoft
2008-05-25 10:25 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-23 16:46 --------- d-----w C:\Program Files\Railroad Tycoon 3
2008-05-14 16:12 --------- d-----w C:\Program Files\VirtualDJ
2008-04-28 17:51 --------- d-----w C:\Program Files\BitComet FLV Converter
2008-04-28 15:14 --------- d-----w C:\Program Files\Acala 3GP Movies Free
2008-04-28 15:04 --------- d-----w C:\Program Files\MediaCoder
2008-04-28 13:43 --------- d-----w C:\Program Files\AV Music Morpher Gold
2008-04-27 14:56 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-04-27 14:28 --------- d-----w C:\Program Files\IVCsoft
2008-04-27 12:36 --------- d-----w C:\Program Files\QuickMediaConverter
2008-04-18 19:43 --------- d-----w C:\Program Files\ICQ6
2008-04-12 13:28 --------- d-----w C:\Program Files\Medieval II Total War
2008-04-10 14:49 --------- d-----w C:\Program Files\EA GAMES
2008-04-10 08:32 --------- d-----w C:\Program Files\SiSoftware
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 10:00 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 15:36 450560]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\Program Files\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\user\\Plocha\\DC\\StrongDC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27057:TCP"= 27057:TCP:BitComet 27057 TCP
"27057:UDP"= 27057:UDP:BitComet 27057 UDP
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza
"8283:TCP"= 8283:TCP:a
"8283:UDP"= 8283:UDP:a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54]
S3 pohci13F;pohci13F;C:\DOCUME~1\user\LOCALS~1\Temp\pohci13F.sys []
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]

*Newly Created Service* - PGFILTER
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 20:03:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-08 20:08:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 18:08:12

Adresářů: 19, Volných bajtů: 40,465,420,288
Adres ý…: 22, Volněch bajt…: 40,567,476,224

183 --- E O F --- 2008-05-28 13:56:38

rád zašlu jakékoliv další info...

Re: Chybová hláška - pravděpodobně infekce+HJT

Napsal: 09 čer 2008 19:37
od zlobyl
Použij v CFixu script:

Zkopíruj si následující text do poznámkového bloku (Start-Spustit-Notepad) a ulož ho na Plochu jako CFScript.txt.
(nepoužívej funkci Vybrat vše!)

Kód: Vybrat vše

Folder::
C:\WINDOWS\system32\247880

Driver::
pohci13F


Pak tento soubor přetáhni na ikonu ComboFixu a pusť.(předpokládám, že máš ComboFix také na ploše)

Obrázek

Pak sem dej log, který ti z něj vyleze.


Dále kompletně vyčisti PC pomocí CCleaneru (hlavně vymaž dočasné soubory).


A ještě udělej nový log z HJT.


A popiš, jak se PC chová.

Re: Chybová hláška - pravděpodobně infekce+HJT

Napsal: 14 čer 2008 11:37
od fidis
ahoj
Tak vše je provedeno, zde je log z combofixu:

ComboFix 08-06-07.3 - user 2008-06-14 11:07:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.561 [GMT 2:00]
Running from: C:\Documents and Settings\user\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\247880
C:\WINDOWS\system32\247880\247880.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POHCI13F
-------\Service_pohci13F


((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-12 18:19 . 2008-06-12 18:25 <DIR> d-------- C:\Program Files\uTorrent
2008-06-11 14:55 . 2008-06-11 14:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 14:54 . 2008-04-14 17:53 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:54 . 2008-04-14 17:53 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 20:58 . 2008-06-13 15:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-08 20:53 . 2008-06-08 20:53 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-07 16:58 . 2008-06-07 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 16:52 . 2008-06-07 16:52 0 --a------ C:\23990098.$$$
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-07 13:53 . 2008-06-07 13:53 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-07 13:50 . 2008-06-08 19:39 50 --a------ C:\WINDOWS\Lic.xxx
2008-06-07 13:48 . 2006-03-02 14:00 147,968 --a------ C:\WINDOWS\R.COM
2008-06-07 13:48 . 2006-03-02 14:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-06-07 12:24 . 2008-06-07 12:24 <DIR> d-------- C:\Program Files\Uniblue
2008-06-06 17:23 . 2008-06-06 17:23 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-05 15:31 . 2008-06-06 18:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-05 15:31 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-05 15:31 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-05 15:31 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-05 15:31 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-05 14:18 . 2008-06-14 11:11 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-06-02 18:46 . 2008-06-02 18:46 <DIR> d-------- C:\Program Files\Webteh
2008-06-02 17:09 . 2008-06-13 20:46 771 -r-h----- C:\WINDOWS\system32\ttri.dat
2008-06-02 17:07 . 2008-06-02 17:07 <DIR> d-------- C:\Program Files\LANGMaster
2008-05-25 17:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-25 17:27 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-25 17:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-25 17:27 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-25 17:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-25 17:27 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-25 17:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-25 17:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-25 12:25 . 2008-05-25 12:25 <DIR> d-------- C:\Documents and Settings\user\SystemRequirementsLab
2008-05-20 16:30 . 2008-05-30 14:43 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-05-15 20:45 . 2008-05-15 20:45 <DIR> d-------- C:\Documents and Settings\NetworkService\Dokumenty
2008-05-14 14:07 . 2008-05-14 14:07 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:13 --------- d-----w C:\Program Files\AV MP3 Player-Morpher
2008-06-07 10:11 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-06-07 09:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 16:58 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys.91082292
2008-05-25 15:17 --------- d-----w C:\Program Files\Ubisoft
2008-05-25 10:25 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-23 16:46 --------- d-----w C:\Program Files\Railroad Tycoon 3
2008-05-19 16:24 --------- d-----w C:\Program Files\Thief2
2008-05-14 16:12 --------- d-----w C:\Program Files\VirtualDJ
2008-05-09 09:39 --------- d-----w C:\Program Files\CodePad
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-28 17:51 --------- d-----w C:\Program Files\BitComet FLV Converter
2008-04-28 15:14 --------- d-----w C:\Program Files\Acala 3GP Movies Free
2008-04-28 15:04 --------- d-----w C:\Program Files\MediaCoder
2008-04-28 13:43 --------- d-----w C:\Program Files\AV Music Morpher Gold
2008-04-27 14:56 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-04-27 14:28 --------- d-----w C:\Program Files\IVCsoft
2008-04-27 12:36 --------- d-----w C:\Program Files\QuickMediaConverter
2008-04-18 19:43 --------- d-----w C:\Program Files\ICQ6
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 10:00 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 15:36 450560]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\Program Files\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\user\\Plocha\\DC\\StrongDC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27057:TCP"= 27057:TCP:BitComet 27057 TCP
"27057:UDP"= 27057:UDP:BitComet 27057 UDP
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza
"8283:TCP"= 8283:TCP:a
"8283:UDP"= 8283:UDP:a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 11:13:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-14 11:19:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 09:18:36
ComboFix2.txt 2008-06-08 18:08:22

Adresářů: 19, Volných bajtů: 5,162,237,952
Adres ý…: 21, Volněch bajt…: 5,112,074,240

182 --- E O F --- 2008-06-11 12:57:27





a zde z HijackThis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:45, on 14.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8789 bytes


Jinak musím ti poděkovat, hláška zmizela už po prvním spuštění ComboFixu. V pravdě jsem nečekal, že se tu najde někdo, kdo my s tím poradí... Tak ještě jednou: dík moc, měj se

Re: Chybová hláška - pravděpodobně infekce+HJT

Napsal: 15 čer 2008 15:18
od zlobyl
Nemáš zač-jsem rád, že se mi podařilo problém vyřešit.

Ještě pár drobnůstek:

  • V HJT můžeš fixnout zbytečnost:

    Kód: Vybrat vše

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

  • Můžeš odinstalovat ComboFix:

    Start-Spustit a zadej ComboFix[mezera]/u

  • A ještě si aktualizuj Javu:
    1. Najdi si na té stránce položku Java Runtime Environment (JRE) 6 Update 6 a klikni u ní na tlačítko Download.
    2. Na následující stránce zvol platformu Windows a zaškrtni políčko u I agree to the Java SE Runtime Environment 6 License Agreement.
    3. Tlačítkem Continue se dostaneš na stránku pro stažení.
    4. Klikni na odkaz pod Windows Offline Instalation jre-6u6-windows-i586-p.exe a stáhni si soubor do PC.
    5. Zavři všechny prohlížeče a přes Start-Ovládací panely-Přidat nebo odebrat programy odinstaluj všechny staré verze javy (položky se budou pravděpodobně jmenovat Java (TM)... nebo podobně)
    6. Restartuj PC a nainstaluj javu ze staženého souboru.


Takže tímto jsme hotovi.

Měj se hezky. :lookround:
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/