HJT log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

immortateles
newbie
Posts: 39
Registered: February 08
Gender: Not specified

HJT log check

Post by immortateles » 09 Feb 2008 13:02

http://www.pc-help.cz/viewtopic.php?p=137744#137744



Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:22, on 9.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\StorageProtector\ucookw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\T\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ar.atwola.com/redir/B0/-OY0SRy7p ... om/people/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [6892b935] rundll32.exe "C:\WINDOWS\system32\khvnnrbv.dll",b
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\STORAG~1\ucookw.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A057282-459F-4B3B-B035-0D3B476742DD}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E08D3E-C43A-4CD9-9AC3-33E987107762}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmgycgy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6873 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Post by fredik » 09 Feb 2008 13:13

Uninstall via Add or Remove Programs, if it is listed there:
StorageProtector

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Here it is...

Post by immortateles » 09 Feb 2008 13:36

..Log by ComboFix:


ComboFix 08-02.05.3 - T 2008-02-09 13:23:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.276 [GMT 1:00]
Running from: C:\Documents and Settings\T\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\Documents and Settings\T\Data aplikací\storageprotector
C:\Documents and Settings\T\Data aplikací\storageprotector\Logs\update.log
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\Helper
C:\Program Files\Helper\1202409118.dll
C:\Program Files\Helper\1202409158.dll
C:\Program Files\Helper\1202409205.dll
C:\WINDOWS\lnk_dados_2.dll
C:\WINDOWS\nwan.dat
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\drivers\KSD43.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . failed to delete
C:\WINDOWS\system32\dwyvbnkm.dll
C:\WINDOWS\system32\khvnnrbv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mvvxhtqd.dll
C:\WINDOWS\system32\swogbiud.dll
C:\WINDOWS\system32\swogbiud.dll . . . . failed to delete
C:\WINDOWS\system32\swogbiud.dllbox
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\vbrnnvhk.ini
C:\WINDOWS\system32\windows

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KSD43


((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 13:31 . 2008-02-09 13:31 134 ---hs---- C:\WINDOWS\system32\swogbiud.dllbox
2008-02-09 00:23 . 2008-02-09 00:23 2,694 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-09 00:20 . 2004-08-17 15:49 32,866 --------- C:\WINDOWS\slrundll.exe
2008-02-09 00:18 . 2008-02-09 00:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 00:16 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-02-09 00:15 . 2008-02-09 00:15 <DIR> d-------- C:\WINDOWS\EHome
2008-02-08 23:00 . 2008-02-08 23:00 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-08 22:58 . 2008-02-08 22:59 <DIR> d-------- C:\Program Files\ICQ6
2008-02-08 11:31 . 2008-02-09 13:27 163,904 --a------ C:\WINDOWS\system32\swogbiud.dll
2008-02-08 11:00 . 2008-02-08 11:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-07 20:36 . 2008-02-07 20:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-07 19:43 . 2008-02-07 19:43 29 --a------ C:\WINDOWS\system32\tpyugrhd.tmp
2008-02-07 19:35 . 2008-02-07 19:35 167,936 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2008-02-07 19:35 . 2008-02-07 19:34 60,961 --a------ C:\0x57.exe
2008-02-07 19:34 . 2008-02-07 19:34 151,552 --a------ C:\qsdjpwpb.exe
2008-02-07 19:34 . 2008-02-07 19:34 60,961 --a------ C:\exujd.exe
2008-02-07 19:32 . 2008-02-07 19:32 62,976 --a------ C:\nethlpr.exe
2008-02-07 19:32 . 2008-02-07 19:32 60,961 --a------ C:\exujd.exe~
2008-02-07 19:32 . 2008-02-07 19:32 60,961 --a------ C:\0x57.exe~
2008-02-07 19:32 . 2008-02-07 19:32 37,632 --a------ C:\WINDOWS\system32\drivers\ntio922.sys
2008-02-07 19:32 . 2008-02-07 19:32 16,384 --a------ C:\WINDOWS\system32\mmmgycgy.dll
2008-02-07 19:32 . 2008-02-07 19:32 16,384 --a------ C:\WINDOWS\system32\mmmctqct.dll
2008-02-07 19:32 . 2008-02-07 19:32 7,040 --a------ C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-02-07 19:32 . 2008-02-07 19:34 3,584 --a------ C:\qrwkjyd.exe
2008-02-07 19:32 . 2008-02-07 19:32 2 --a------ C:\1754446234
2008-02-07 19:31 . 2008-02-07 19:34 58,368 --a------ C:\wpohl.exe
2008-02-07 19:31 . 2008-02-07 19:31 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-07 19:31 . 2008-02-07 19:34 37,446 --a------ C:\jupss.exe
2008-02-06 16:15 . 2008-02-08 23:20 <DIR> d-------- C:\Program Files\ICQLite
2008-02-05 20:26 . 2008-02-05 20:26 <DIR> d-------- C:\Program Files\EarMaster Pro 5
2008-02-02 21:50 . 2008-02-02 21:56 <DIR> d-------- C:\Program Files\RegCleaner
2008-02-02 20:35 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 20:34 . 2008-02-02 20:35 <DIR> d-------- C:\Program Files\Java
2008-02-02 20:34 . 2008-02-02 20:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-02 20:33 . 2008-02-02 20:34 15,852,952 --a------ C:\WINDOWS\jre-6u4-windows-i586-p.exe
2008-02-02 20:16 . 2008-02-02 20:16 1,251 --a------ C:\WINDOWS\1201979764004-integrated.jnlp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:31 --------- d-----w C:\Program Files\Winamp
2008-02-06 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 19:38 84 ----a-w C:\Program Files\mlchtsma.txt
2008-01-06 08:47 --------- d-----w C:\Program Files\AceMoney
2008-01-04 15:45 --------- d-----w C:\Program Files\Last.fm
2007-12-24 16:06 --------- d-----w C:\Program Files\Illustrate
2007-12-20 05:57 0 ----a-w C:\Documents and Settings\C\Emails.dat
2007-12-19 19:15 0 ----a-w C:\Documents and Settings\T\Emails.dat
2007-12-18 06:01 0 ----a-w C:\Documents and Settings\Karel\Emails.dat
2007-12-17 15:37 --------- d-----w C:\Program Files\EA SPORTS
2007-12-10 18:12 --------- d-----w C:\Program Files\Avast4
2007-12-03 10:41 10 ----a-w C:\Documents and Settings\Karel\user.dat
2007-12-02 14:13 10 ----a-w C:\Documents and Settings\T\user.dat
2007-12-02 10:18 10 ----a-w C:\Documents and Settings\C\user.dat
2007-04-09 10:58 16,663,907 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_09_12_09_59_full.dmp.zip
2007-04-09 10:57 16,518,321 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_09_12_09_27_full.dmp.zip
2007-04-09 10:56 87,762 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_09_12_09_39_small.dmp.zip
2007-03-31 13:45 101,529 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_31_09_32_07_small.dmp.zip
2007-03-26 17:47 121,933 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_26_19_28_31_small.dmp.zip
2007-03-15 14:52 104,112 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_14_22_07_49_small.dmp.zip
2007-03-07 18:56 105,325 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_07_17_01_36_small.dmp.zip
2007-05-24 12:06 20,011,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-24 08:37 1,417,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-09 13:27 163904 --a------ C:\WINDOWS\system32\swogbiud.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-10-19 21:29 585728]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 10:04 3309568]
"nwiz"="nwiz.exe" [2004-03-24 10:04 782336 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-24 10:04 46080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swogbiud]
swogbiud.dll 2008-02-09 13:27 163904 C:\WINDOWS\system32\swogbiud.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\mmmgycgy.dll

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 15:00]
S0 khgsqkfw;khgsqkfw;C:\WINDOWS\system32\drivers\ndetxxwt.sys []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 13:31:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\swogbiud.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\swogbiud.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2008-02-09 13:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 12:33:43
.
2008-02-09 00:10:51 --- E O F ---

Post by fredik » 09 Feb 2008 19:08

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:

Code:

Driver::
MSControlService
 
Collect::
C:\WINDOWS\system32\swogbiud.dll
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmgycgy.dll
C:\WINDOWS\system32\mmmctqct.dll
C:\WINDOWS\system32\drivers\ntio922.sys
C:\WINDOWS\system32\drivers\ndisaluo.sys
C:\WINDOWS\system32\4fdw.dll

File::
C:\WINDOWS\system32\swogbiud.dllbox
C:\0x57.exe
C:\qsdjpwpb.exe
C:\exujd.exe
C:\nethlpr.exe
C:\exujd.exe~
C:\0x57.exe~
C:\qrwkjyd.exe
C:\1754446234
C:\jupss.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swogbiud]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script
- ComboFix starts automatically
- Paste here the log that pops up at the end of the cleaning process

A file named Submit(Date+Time).zip will be created on your desktop; attach it to your next post.

***********************************************************************************************************************

Download Deckard's System Scanner (DSS) and save it to your desktop
Go to Start -> Run... and type this command, marked in blue, into the box: "%userprofile%\plocha\dss.exe" /config
- A window opens; in the Main Log section, uncheck all checked items and leave checked/check only these two (leave the other sections as they are):
    Drivers
    Services
- Then click the Scan! button at the bottom
After a moment the log main.txt appears; paste its contents here (otherwise you will find it here: C:\Deckard\System Scanner\main.txt)
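
An added example, not part of the original posts and not the helper's stated method: cross-referencing the autostart entries of the HijackThis log with the "Other Deletions" and "Files Created" sections of the ComboFix log is one way to see why a file such as mmmgycgy.dll ends up in a script like the one above. The function names are hypothetical; the embedded lines are excerpts copied from the logs in this thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (autostart-related lines).
HJT_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [6892b935] rundll32.exe "C:\WINDOWS\system32\khvnnrbv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmgycgy.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
'''

# Excerpt of the first ComboFix log posted in this thread.
COMBOFIX_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\symavc32.sys . . . . failed to delete
C:\WINDOWS\system32\khvnnrbv.dll

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 11:31 . 2008-02-09 13:27 163,904 --a------ C:\WINDOWS\system32\swogbiud.dll
2008-02-07 19:32 . 2008-02-07 19:32 16,384 --a------ C:\WINDOWS\system32\mmmgycgy.dll
2008-02-02 20:35 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
'''

# HijackThis sections that describe code loaded automatically:
# O2 = BHO, O4 = Run keys/Startup, O20 = AppInit_DLLs, O23 = services.
HJT_LINE_RE = re.compile(r'^(O(?:2|4|20|23)) - (.*)$', re.M)
# Full Windows path ending in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys)\b', re.I)
# ComboFix section banner, e.g. "((((( Other Deletions )))))".
SECTION_RE = re.compile(r'^\(+\s*(.*?)\s*\)+$')
# "created . modified size attrs path" line of the Files Created section.
CREATED_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}'
    r'\s+\S+\s+\S+\s+(.+)$')


def combofix_findings(log):
    """Return ({path: 'deleted' | 'failed to delete'}, {path: created_time})."""
    deleted, created = {}, {}
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Other Deletions" and re.match(r'[A-Za-z]:\\', line):
            path, sep, _ = line.partition(" . . . . ")
            deleted[path.lower()] = "failed to delete" if sep else "deleted"
        elif section.startswith("Files Created"):
            row = CREATED_RE.match(line)
            if row:
                created[row.group(2).lower()] = row.group(1)
    return deleted, created


def triage(hjt_log, combofix_log):
    """List autostart targets that ComboFix removed or reports as newly created."""
    deleted, created = combofix_findings(combofix_log)
    hits = []
    for code, rest in HJT_LINE_RE.findall(hjt_log):
        for path in PATH_RE.findall(rest):
            key = path.lower()  # Windows paths compare case-insensitively
            if key in deleted:
                hits.append((code, path, deleted[key]))
            elif key in created:
                hits.append((code, path, "created " + created[key]))
    return hits


if __name__ == "__main__":
    for hit in triage(HJT_LOG, COMBOFIX_LOG):
        print(*hit, sep="  |  ")
```
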

Post by immortateles » 09 Feb 2008 21:51

Log of ComboFix:

ComboFix 08-02.05.3 - T 2008-02-09 21:37:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.315 [GMT 1:00]
Running from: C:\Documents and Settings\T\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\T\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\0x57.exe
C:\0x57.exe~
C:\1754446234
C:\exujd.exe
C:\exujd.exe~
C:\jupss.exe
C:\nethlpr.exe
C:\qrwkjyd.exe
C:\qsdjpwpb.exe
C:\WINDOWS\system32\swogbiud.dllbox
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0x57.exe
C:\0x57.exe~
C:\1754446234
C:\exujd.exe
C:\exujd.exe~
C:\jupss.exe
C:\nethlpr.exe
C:\qrwkjyd.exe
C:\qsdjpwpb.exe
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\system32\drivers\ndisaluo.sys
C:\WINDOWS\system32\drivers\ntio922.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmctqct.dll
C:\WINDOWS\system32\mmmgycgy.dll
C:\WINDOWS\system32\swogbiud.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 13:21 . 2004-08-18 15:00 389,632 --a------ C:\kmd.exe
2008-02-09 00:23 . 2008-02-09 00:23 2,694 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-09 00:20 . 2004-08-17 15:49 32,866 --------- C:\WINDOWS\slrundll.exe
2008-02-09 00:18 . 2008-02-09 00:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 00:16 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-02-09 00:15 . 2008-02-09 00:15 <DIR> d-------- C:\WINDOWS\EHome
2008-02-08 23:00 . 2008-02-08 23:00 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-08 22:58 . 2008-02-08 22:59 <DIR> d-------- C:\Program Files\ICQ6
2008-02-08 11:00 . 2008-02-08 11:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-07 20:36 . 2008-02-07 20:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-07 19:43 . 2008-02-07 19:43 29 --a------ C:\WINDOWS\system32\tpyugrhd.tmp
2008-02-07 19:31 . 2008-02-07 19:34 58,368 --a------ C:\wpohl.exe
2008-02-06 16:15 . 2008-02-08 23:20 <DIR> d-------- C:\Program Files\ICQLite
2008-02-05 20:26 . 2008-02-05 20:26 <DIR> d-------- C:\Program Files\EarMaster Pro 5
2008-02-02 21:50 . 2008-02-02 21:56 <DIR> d-------- C:\Program Files\RegCleaner
2008-02-02 20:35 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 20:34 . 2008-02-02 20:35 <DIR> d-------- C:\Program Files\Java
2008-02-02 20:34 . 2008-02-02 20:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-02 20:33 . 2008-02-02 20:34 15,852,952 --a------ C:\WINDOWS\jre-6u4-windows-i586-p.exe
2008-02-02 20:16 . 2008-02-02 20:16 1,251 --a------ C:\WINDOWS\1201979764004-integrated.jnlp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:31 --------- d-----w C:\Program Files\Winamp
2008-02-06 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 19:38 84 ----a-w C:\Program Files\mlchtsma.txt
2008-01-06 08:47 --------- d-----w C:\Program Files\AceMoney
2008-01-04 15:45 --------- d-----w C:\Program Files\Last.fm
2007-12-24 16:06 --------- d-----w C:\Program Files\Illustrate
2007-12-20 05:57 0 ----a-w C:\Documents and Settings\C\Emails.dat
2007-12-19 19:15 0 ----a-w C:\Documents and Settings\T\Emails.dat
2007-12-18 06:01 0 ----a-w C:\Documents and Settings\Karel\Emails.dat
2007-12-17 15:37 --------- d-----w C:\Program Files\EA SPORTS
2007-12-10 18:12 --------- d-----w C:\Program Files\Avast4
2007-12-03 10:41 10 ----a-w C:\Documents and Settings\Karel\user.dat
2007-12-02 14:13 10 ----a-w C:\Documents and Settings\T\user.dat
2007-12-02 10:18 10 ----a-w C:\Documents and Settings\C\user.dat
2007-04-09 10:58 16,663,907 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_09_12_09_59_full.dmp.zip
2007-04-09 10:57 16,518,321 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_09_12_09_27_full.dmp.zip
2007-04-09 10:56 87,762 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_09_12_09_39_small.dmp.zip
2007-03-31 13:45 101,529 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_31_09_32_07_small.dmp.zip
2007-03-26 17:47 121,933 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_26_19_28_31_small.dmp.zip
2007-03-15 14:52 104,112 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_14_22_07_49_small.dmp.zip
2007-03-07 18:56 105,325 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_07_17_01_36_small.dmp.zip
2007-05-24 12:06 20,011,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-24 08:37 1,417,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-10-19 21:29 585728]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 10:04 3309568]
"nwiz"="nwiz.exe" [2004-03-24 10:04 782336 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-24 10:04 46080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 15:00 15360]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 15:00]
S0 khgsqkfw;khgsqkfw;C:\WINDOWS\system32\drivers\ndetxxwt.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 21:40:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2008-02-09 21:43:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 20:42:53
ComboFix2.txt 2008-02-09 12:33:49
.
2008-02-09 00:10:51 --- E O F ---

//I sent the attachment directly to the adviser - infected
//Baron Prášil

Post by immortateles » 09 Feb 2008 21:59

Log of DSS:

Deckard's System Scanner v20071014.68
Run by T on 2008-02-09 21:54:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 khgsqkfw - c:\windows\system32\drivers\ndetxxwt.sys (file missing)
S3 catchme - c:\docume~1\t\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- End of Deckard's System Scanner: finished at 2008-02-09 21:54:54 ------------

Post by fredik » 10 Feb 2008 08:49

Also delete this file manually:
C:\wpohl.exe
If that does not work, let me know.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Run a scan and paste here the log from Kaspersky Online Scanner! (it needs to be run in IE)
- click the Accept button
- you will be prompted to install an ActiveX component from Kaspersky; allow it
- the program downloads the database it needs
- after the download, click the option: [image]
Then click the button: Scan Settings
- this takes you to the Scan settings window; select the following options there:

Under: Scan using the following antivirus database:
    standard - detect viruses, worms, Trojans, rootkits
Under: Scan Options: - leave both options selected:
    Scan Archives - scan files inside archives
    Scan Mail Bases - scan e-mails/attachments inside mail base files
Then click the OK button

Now, under Please select a target to scan, choose the option:
[image]
- the system scan starts
- when it finishes, a list of what it found is displayed
Click the Save Report As... button
- save it, for example to the desktop, and set these parameters:
- File name: type Kavlog here
- Save as type: select Text file (*.txt)

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then paste its entire contents here + a new log from HJT

Post by immortateles » 10 Feb 2008 14:11

I have a small problem: IE won't start; it appears on the taskbar at the bottom, but it can't be maximized...

Log..

Post by immortateles » 10 Feb 2008 20:32

Log of hJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:38, on 10.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\T\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ar.atwola.com/redir/B0/-OY0SRy7p ... om/people/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A057282-459F-4B3B-B035-0D3B476742DD}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E08D3E-C43A-4CD9-9AC3-33E987107762}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6748 bytes


Kavlog.txt:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 8:26:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/02/2008
Kaspersky Anti-Virus database records: 515315
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 51968
Number of viruses found: 20
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 01:08:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\T\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\T\Data aplikací\Sun\Java\Deployment\cache\6.0\30\640178de-76f0e8d7 Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\T\Local Settings\Data aplikací\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\T\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\T\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\T\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\T\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\T\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DF2561.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DF256C.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DF2A3D.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA871.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA88F.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA89E.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA8A9.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA8B7.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA8D2.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA8F0.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temp\~DFA8FB.tmp Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\T\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\T\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\T\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/4fdw.dll Infected: Trojan.Win32.Agent.fcn skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/ndisaluo.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/ntio922.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/mmmctqct.dll Infected: Trojan-Downloader.Win32.Murlo.jt skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/mmmgycgy.dll Infected: Trojan-Downloader.Win32.Murlo.jt skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip ZIP: infected - 5 skipped
C:\Program Files\Avast4\DATA\moved\start.bat.vir Infected: Trojan.BAT.KillFiles.gh skipped
C:\QooBox\Quarantine\C\0x57.exe.vir Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\C\0x57.exe~.vir Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\C\exujd.exe.vir Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\C\exujd.exe~.vir Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\C\jupss.exe.vir Infected: Trojan-Proxy.Win32.Saturn.am skipped
C:\QooBox\Quarantine\C\nethlpr.exe.vir Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\C\qrwkjyd.exe.vir Infected: Trojan-Downloader.Win32.Agent.hyy skipped
C:\QooBox\Quarantine\C\qsdjpwpb.exe.vir Infected: Trojan.Win32.Pakes.cci skipped
C:\QooBox\Quarantine\C\WINDOWS\nwan.dat.vir Infected: Trojan-Proxy.Win32.Saturn.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Ksd43.sys.vir Infected: Trojan.Win32.Srizbi.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\catchme2008-02-09_133043.29.zip/symavc32.sys Infected: Trojan.Win32.Srizbi.j skipped
C:\QooBox\Quarantine\catchme2008-02-09_133043.29.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP171\A0109007.exe Infected: Backdoor.Win32.Delf.cjc skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP171\A0109029.exe Infected: Backdoor.Win32.Delf.cjc skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP172\A0109057.exe Infected: Backdoor.Win32.Delf.cdd skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP172\A0110071.exe Infected: Backdoor.Win32.Delf.cdd skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP172\A0110105.exe Infected: Backdoor.Win32.Delf.cdd skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP173\A0111171.exe Infected: Backdoor.Win32.Delf.cdd skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP173\A0111199.exe Infected: Backdoor.Win32.Delf.cdd skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP174\A0113297.exe Infected: Backdoor.Win32.Delf.cnj skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP183\A0120213.exe Infected: Backdoor.Win32.Delf.cnj skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP203\A0139546.sCR Infected: Trojan-Downloader.Win32.Small.gxg skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141927.exe Infected: Trojan-Downloader.Win32.Delf.egx skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141928.exe Infected: Trojan-Downloader.Win32.Delf.egx skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141933.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.grl skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141933.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141934.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.grl skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141934.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141935.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.grl skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP205\A0141935.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP206\A0144002.dll Infected: Trojan-Downloader.Win32.Delf.ehb skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP206\A0144016.dll Infected: Trojan-Downloader.Win32.Delf.ehb skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151181.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151181.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151181.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151183.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP219\A0159274.sys Infected: Trojan.Win32.Srizbi.j skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159346.dll Infected: Trojan.Win32.Agent.fcn skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159351.exe Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159352.exe Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159353.exe Infected: Trojan-Proxy.Win32.Saturn.am skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159354.exe Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159355.exe Infected: Trojan-Downloader.Win32.Agent.hyy skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP220\A0159356.exe Infected: Trojan.Win32.Pakes.cci skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP221\A0159483.exe Infected: Backdoor.Win32.Agobot.app skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP226\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{31409072-7D48-4B8B-92DC-654050137E73}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Post by fredik » 10 Feb 2008 21:10

Re HJT:

#Step 1:

Fix these items in HJT:
Run HijackThis again and tick the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ar.atwola.com/redir/B0/.....om/people/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
after ticking them, click the Fix Checked button

For better protection it would be good to install a firewall as well; you can choose one of those listed here or another one from the link:
Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English

If you use OpenOffice often, I would recommend updating it: OpenOffice.org 2.3.1 CZ

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

#Step 2:
Go to Start -> Run... and type this command, marked in blue, into the window: ComboFix /u (there must be a space between ComboFix and /u), then click OK.

#Step 3:
Turn off System Restore:
Go to Start -> Run... and type this command, marked in blue, into the window: control sysdm.cpl,,4 A window will open on the System Restore tab; tick the option Turn off System Restore on all drives there and click the OK button. Restart the PC.
Once it has booted again, you can turn it back on.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

#Step 4:
Download ATF-Cleaner (by Atribune) and run it
    Under the Main item, tick the option: Select All
    Then click the button: Empty Selected
If you use Firefox as your browser:
    - Choose the Firefox option at the top
    - Tick the option: Select All
    - You will be asked whether you want to remove the saved passwords from Firefox; choose Yes or No as needed
    - Then click the button: Empty Selected
If you use Opera as your browser:
    - Choose the Opera option at the top
    - Tick the option: Select All
    - You will be asked whether you want to remove the saved passwords from Opera; choose Yes or No as needed
    - Then click the button: Empty Selected
Then you can close the program.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

#Step 5:
Download and run T-cleaner and follow the instructions.

Then let me know how the PC is doing.
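
Added example, not part of fredik's post or of any tool named in the thread: a short Python triage of the Kaspersky Online Scanner report format pasted above. It drops the "Object is locked" rows, groups the real detections by where the file sits, and checks each container summary row against the member rows listed for it. The bucket names, function names and the selection of sample rows are assumptions of this sketch.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the Kavlog above, cut down to a few lines.
SAMPLE_REPORT = r"""
C:\Documents and Settings\T\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\T\Data aplikací\Sun\Java\Deployment\cache\6.0\30\640178de-76f0e8d7 Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/4fdw.dll Infected: Trojan.Win32.Agent.fcn skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/ndisaluo.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/ntio922.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/mmmctqct.dll Infected: Trojan-Downloader.Win32.Murlo.jt skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip/mmmgycgy.dll Infected: Trojan-Downloader.Win32.Murlo.jt skipped
C:\Documents and Settings\T\Plocha\[4]-Submit_2008-02-09@21.37.zip ZIP: infected - 5 skipped
C:\QooBox\Quarantine\C\jupss.exe.vir Infected: Trojan-Proxy.Win32.Saturn.am skipped
C:\QooBox\Quarantine\catchme2008-02-09_133043.29.zip/symavc32.sys Infected: Trojan.Win32.Srizbi.j skipped
C:\QooBox\Quarantine\catchme2008-02-09_133043.29.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151181.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151181.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP215\A0151181.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{081DD4E3-407D-4EDE-B0FE-EE6BAB72F165}\RP221\A0159483.exe Infected: Backdoor.Win32.Agobot.app skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Paths contain spaces, so rows are split on the fixed status text, not on whitespace.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) \w+$")
LOCKED = re.compile(r"^.+ Object is locked \w+$")
# Container summary rows, e.g. "<path> ZIP: infected - 5 skipped"
CONTAINER = re.compile(r"^(?P<path>.+) \w+: infected - (?P<count>\d+) \w+$")


def location(path):
    """Bucket a detection by where the file sits (bucket names are ours)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore{" in p:
        return "restore_point"
    return "other"


def triage(report):
    """Summarise a pasted report: locked rows, detections per bucket, count mismatches."""
    detections, containers, locked = [], {}, 0
    for line in (raw.strip() for raw in report.splitlines()):
        if LOCKED.match(line):
            locked += 1                      # file in use by the OS, not a detection
        elif m := CONTAINER.match(line):
            containers[m["path"]] = int(m["count"])
        elif m := INFECTED.match(line):
            detections.append((m["path"], m["name"]))

    by_location = defaultdict(Counter)
    for path, name in detections:
        by_location[location(path)][name] += 1

    # A container row declares how many members were infected; members are
    # listed as "<container>/<member>". A mismatch suggests a truncated paste.
    mismatches = {}
    for container, declared in containers.items():
        found = sum(1 for p, _ in detections if p.startswith(container + "/"))
        if found != declared:
            mismatches[container] = (declared, found)

    return {"locked": locked,
            "by_location": {k: dict(v) for k, v in by_location.items()},
            "container_mismatches": mismatches}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, names in sorted(result["by_location"].items()):
        print(bucket, names)
    print("locked rows:", result["locked"], "mismatches:", result["container_mismatches"])
```
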


PC...

Post by immortateles » 10 Feb 2008 22:34

So the PC looks good, it doesn't freeze :smile:
Will a log from HJT be needed, just in case, for a check???


Post by fredik » 12 Feb 2008 05:12

If you're not having problems, then no.

