Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:31, on 24.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\programy\Opera\Opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [54654ec5] rundll32.exe "C:\WINDOWS\system32\vdckluyt.dll",b
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8491 bytes
thank you
Please check my log (Solved)
- Baron Prášil
Download SmitFraudFix (by S!Ri)
Restart the PC into Safe Mode:
Run SmitFraudFix - the application's blue screen will appear; press any key to get to the menu.
There choose option number 2
Let it scan the computer.
If you are asked whether to allow registry cleaning (Do you want to clean the registry ?), press the Y key (watch out for Y and Z being swapped on the keyboard)
If you are asked about removing infected files from the computer (Replace infected file ?), press the Y key again.
Then restart the PC into normal mode and paste here the log from it, which you will find in the file C:\rapport.txt
and then
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing key 1
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes the program should create a log, which will be displayed to you; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here
so both logs please
so I managed it in the end, even a bit earlier; attaching the logs
first log
SmitFraudFix v2.296
Scan done at 21:58:21,65, út 26.02.2008
Run from C:\Documents and Settings\spake\Plocha\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BF865243-8F68-4E7B-BE97-B255DC06C630}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BF865243-8F68-4E7B-BE97-B255DC06C630}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BF865243-8F68-4E7B-BE97-B255DC06C630}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kddxq.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kddxq.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
second log
ComboFix 08-02-25.3 - spake 2008-02-26 22:08:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.463 [GMT 1:00]
Running from: C:\Documents and Settings\spake\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\Internet Explorer\setupapi.dll
C:\Program Files\StorageProtector
C:\Program Files\StorageProtector\swupd.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\abijwtwj.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\blbypvtj.dll
C:\WINDOWS\system32\dcxdgjjr.dllbox
C:\WINDOWS\system32\ddcdbab.dll
C:\WINDOWS\system32\dkfwgmmk.dll
C:\WINDOWS\system32\hgyonlav.ini
C:\WINDOWS\system32\chhqbyhi.ini
C:\WINDOWS\system32\ihybqhhc.dll
C:\WINDOWS\system32\jpemrqiu.ini
C:\WINDOWS\system32\jqwtextt.ini
C:\WINDOWS\system32\msfvbexs.dll
C:\WINDOWS\system32\nxqysmag.ini
C:\WINDOWS\system32\oeqlkevy.ini
C:\WINDOWS\system32\ojbncrmc.dll
C:\WINDOWS\system32\qiheklvd.dll
C:\WINDOWS\system32\qlmirpah.dll
C:\WINDOWS\system32\tierrpgq.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tyulkcdv.ini
C:\WINDOWS\system32\uiqrmepj.dll
C:\WINDOWS\system32\uwdrojqk.dll
C:\WINDOWS\system32\valnoygh.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xhwgjkbt.ini
C:\WINDOWS\system32\ykyrehjk.dll
C:\WINDOWS\system32\ytnitkkx.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-26 21:59 . 2008-02-26 21:59 4,308 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-26 21:58 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-26 21:58 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-26 21:58 . 2008-02-22 18:44 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-26 21:58 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-26 21:58 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-26 21:58 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-26 21:58 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-26 21:56 . 2008-02-26 21:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-26 21:27 . 2008-02-26 21:42 63,880 --a------ C:\WINDOWS\BM57567d59.xml
2008-02-26 21:27 . 2008-02-26 22:08 21 --a------ C:\WINDOWS\pskt.ini
2008-02-25 14:38 . 2008-02-25 14:38 <DIR> d-------- C:\totalcmd
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\UC.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-25 14:38 . 2008-02-25 15:06 506 --a------ C:\WINDOWS\wincmd.ini
2008-02-24 16:08 . 2008-02-24 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 00:32 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-23 00:32 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-23 00:32 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-23 00:32 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-23 00:32 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-23 00:31 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-23 00:31 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-23 00:31 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-02-22 18:34 . 2008-02-22 18:34 334,336 --a------ C:\WINDOWS\system32\awtst.V01dll
2008-02-22 18:34 . 2008-02-22 18:34 334,336 --a------ C:\WINDOWS\system32\awtst.V00dll
2008-02-22 18:34 . 2008-02-22 18:34 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V02dll
2008-02-22 18:33 . 2008-02-22 18:33 334,336 --a------ C:\WINDOWS\system32\awtst.Vdll
2008-02-22 18:33 . 2008-02-22 18:33 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V01dll
2008-02-20 21:54 . 2008-02-20 21:54 8 --a------ C:\WINDOWS\system32\54655c4b
2008-02-19 16:32 . 2008-02-19 16:32 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V00dll
2008-02-19 16:31 . 2008-02-19 16:31 40,448 --a------ C:\WINDOWS\system32\ddcdbab.Vdll
2008-02-16 11:20 . 2008-02-23 09:12 <DIR> d-------- C:\Program Files\ESET
2008-02-13 22:29 . 2008-02-13 22:29 <DIR> d-------- C:\Program Files\Macromedia
2008-02-13 22:29 . 2008-02-13 22:29 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-02-13 19:22 . 2008-02-13 19:22 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-13 19:17 . 1999-12-17 08:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-13 14:19 . 2008-02-13 14:19 220,160 --a------ C:\Documents and Settings\spake\Update.exe
2008-02-13 14:19 . 2008-02-13 14:19 1,214 --a------ C:\Documents and Settings\spake\channels.dat
2008-02-11 20:38 . 1999-10-13 12:12 4,398 --a------ C:\WINDOWS\caesar3.ico
2008-02-11 20:35 . 2008-02-11 20:35 <DIR> d-------- C:\SIERRA
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Documents and Settings\spake\WINDOWS
2008-02-11 20:34 . 2008-02-11 20:38 298 --a------ C:\WINDOWS\SIERRA.INI
2008-02-11 19:10 . 2008-02-25 14:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 19:10 . 2008-02-11 19:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 14:45 . 2008-02-03 14:51 <DIR> d-------- C:\Temp
2008-02-03 13:34 . 2008-02-03 13:37 7,680 --a------ C:\MyGraph.grf
2008-02-02 23:01 . 2008-02-02 23:01 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-26 23:45 . 2008-01-26 23:47 276 --a------ C:\WINDOWS\XIIIHooligans.ini
2008-01-26 23:36 . 2008-01-26 23:36 <DIR> d-------- C:\Program Files\Cenega Czech
2008-01-26 18:26 . 2008-01-26 18:26 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 22:34 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-02-13 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 20:36 --------- d-----w C:\Program Files\Valve
2008-02-13 19:11 --------- d-----w C:\Program Files\uTorrent
2008-02-13 13:19 1,214 ----a-w C:\Documents and Settings\spake\channels.dat
2008-02-12 12:10 --------- d-----w C:\Program Files\Download Express
2008-01-24 12:48 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-24 12:47 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-24 12:20 --------- d-----w C:\Program Files\Java
2008-01-24 11:44 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-24 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-24 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-01-24 10:22 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-01-24 10:22 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-21 08:11 --------- d-----w C:\Program Files\SmartSound Software
2008-01-21 08:10 --------- d-----w C:\Program Files\Windows Media Components
2008-01-21 08:09 --------- d-----w C:\Program Files\Ulead Systems
2008-01-21 08:09 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-21 08:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-19 21:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 14:40 --------- d-----w C:\Program Files\DVD X Studios
2007-12-29 11:20 --------- d-----w C:\Program Files\EA Games
2007-12-28 17:48 --------- d-----w C:\Program Files\HP
2007-12-28 17:48 --------- d-----w C:\Program Files\Common Files\HP
2007-12-27 20:09 --------- d-----w C:\Program Files\QuickTime
2007-12-27 17:37 --------- d-----w C:\Program Files\D-Tools
2007-12-27 17:34 --------- d-----w C:\Program Files\ImTOO
2007-12-27 16:24 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-27 16:24 --------- d-----w C:\Program Files\America's Army
2007-12-27 15:54 --------- d-----w C:\Program Files\QIP
2007-12-27 15:36 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-27 15:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-27 15:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-27 15:15 --------- d-----w C:\Program Files\Winamp
2007-12-27 15:15 --------- d-----w C:\Program Files\Nero
2007-12-27 15:11 --------- d-----w C:\Program Files\programy
2007-12-27 15:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-27 15:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-27 14:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-27 14:55 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-27 14:54 --------- d-----w C:\Program Files\windowsy
2007-12-27 14:48 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-27 14:47 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 5.0
2007-12-27 14:47 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-27 14:46 --------- d-----w C:\Program Files\Microsoft IntelliPoint 5.2
2007-12-27 13:52 --------- d-----w C:\Program Files\Alwil Software
2007-12-27 13:49 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-27 13:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-27 10:30 --------- d-----w C:\Program Files\PCI Audio Applications
2007-12-27 10:30 --------- d-----w C:\Program Files\C-Media
2007-12-27 10:21 --------- d-----w C:\Program Files\ASUS
2007-12-27 10:19 --------- d-----w C:\Program Files\Analog Devices
2007-12-27 10:17 --------- d-----w C:\Program Files\Intel
2007-12-26 21:13 --------- d-----w C:\Program Files\microsoft frontpage
2003-03-21 12:37 16,056 ----a-w C:\Program Files\owcstp16.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 09:42 585728]
"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 16:47 147456]
"C-Media Mixer"="Mixer.exe" [2002-03-04 04:02 1454080 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 09:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 09:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 15:45 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"WinampAgent"="C:\Program Files\programy\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-27 21:09 155648]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dcxdgjjr]
dcxdgjjr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-01-26 18:26]
S0 Vbg72;Vbg72;C:\WINDOWS\system32\Drivers\Vbg72.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-24 11:22]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 09:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 09:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 09:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 09:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 09:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 09:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 09:46]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 22:16:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-02-26 22:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 21:19:04
.
2008-02-13 13:19:01 --- E O F ---
HKLM\SYSTEM\CS2\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BF865243-8F68-4E7B-BE97-B255DC06C630}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kddxq.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kddxq.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
second log
ComboFix 08-02-25.3 - spake 2008-02-26 22:08:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.463 [GMT 1:00]
Running from: C:\Documents and Settings\spake\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\Internet Explorer\setupapi.dll
C:\Program Files\StorageProtector
C:\Program Files\StorageProtector\swupd.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\abijwtwj.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\blbypvtj.dll
C:\WINDOWS\system32\dcxdgjjr.dllbox
C:\WINDOWS\system32\ddcdbab.dll
C:\WINDOWS\system32\dkfwgmmk.dll
C:\WINDOWS\system32\hgyonlav.ini
C:\WINDOWS\system32\chhqbyhi.ini
C:\WINDOWS\system32\ihybqhhc.dll
C:\WINDOWS\system32\jpemrqiu.ini
C:\WINDOWS\system32\jqwtextt.ini
C:\WINDOWS\system32\msfvbexs.dll
C:\WINDOWS\system32\nxqysmag.ini
C:\WINDOWS\system32\oeqlkevy.ini
C:\WINDOWS\system32\ojbncrmc.dll
C:\WINDOWS\system32\qiheklvd.dll
C:\WINDOWS\system32\qlmirpah.dll
C:\WINDOWS\system32\tierrpgq.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tyulkcdv.ini
C:\WINDOWS\system32\uiqrmepj.dll
C:\WINDOWS\system32\uwdrojqk.dll
C:\WINDOWS\system32\valnoygh.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xhwgjkbt.ini
C:\WINDOWS\system32\ykyrehjk.dll
C:\WINDOWS\system32\ytnitkkx.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-26 21:59 . 2008-02-26 21:59 4,308 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-26 21:58 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-26 21:58 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-26 21:58 . 2008-02-22 18:44 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-26 21:58 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-26 21:58 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-26 21:58 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-26 21:58 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-26 21:56 . 2008-02-26 21:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-26 21:27 . 2008-02-26 21:42 63,880 --a------ C:\WINDOWS\BM57567d59.xml
2008-02-26 21:27 . 2008-02-26 22:08 21 --a------ C:\WINDOWS\pskt.ini
2008-02-25 14:38 . 2008-02-25 14:38 <DIR> d-------- C:\totalcmd
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\UC.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-25 14:38 . 2008-02-25 15:06 506 --a------ C:\WINDOWS\wincmd.ini
2008-02-24 16:08 . 2008-02-24 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 00:32 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-23 00:32 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-23 00:32 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-23 00:32 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-23 00:32 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-23 00:31 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-23 00:31 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-23 00:31 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-02-22 18:34 . 2008-02-22 18:34 334,336 --a------ C:\WINDOWS\system32\awtst.V01dll
2008-02-22 18:34 . 2008-02-22 18:34 334,336 --a------ C:\WINDOWS\system32\awtst.V00dll
2008-02-22 18:34 . 2008-02-22 18:34 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V02dll
2008-02-22 18:33 . 2008-02-22 18:33 334,336 --a------ C:\WINDOWS\system32\awtst.Vdll
2008-02-22 18:33 . 2008-02-22 18:33 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V01dll
2008-02-20 21:54 . 2008-02-20 21:54 8 --a------ C:\WINDOWS\system32\54655c4b
2008-02-19 16:32 . 2008-02-19 16:32 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V00dll
2008-02-19 16:31 . 2008-02-19 16:31 40,448 --a------ C:\WINDOWS\system32\ddcdbab.Vdll
2008-02-16 11:20 . 2008-02-23 09:12 <DIR> d-------- C:\Program Files\ESET
2008-02-13 22:29 . 2008-02-13 22:29 <DIR> d-------- C:\Program Files\Macromedia
2008-02-13 22:29 . 2008-02-13 22:29 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-02-13 19:22 . 2008-02-13 19:22 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-13 19:17 . 1999-12-17 08:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-13 14:19 . 2008-02-13 14:19 220,160 --a------ C:\Documents and Settings\spake\Update.exe
2008-02-13 14:19 . 2008-02-13 14:19 1,214 --a------ C:\Documents and Settings\spake\channels.dat
2008-02-11 20:38 . 1999-10-13 12:12 4,398 --a------ C:\WINDOWS\caesar3.ico
2008-02-11 20:35 . 2008-02-11 20:35 <DIR> d-------- C:\SIERRA
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Documents and Settings\spake\WINDOWS
2008-02-11 20:34 . 2008-02-11 20:38 298 --a------ C:\WINDOWS\SIERRA.INI
2008-02-11 19:10 . 2008-02-25 14:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 19:10 . 2008-02-11 19:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 14:45 . 2008-02-03 14:51 <DIR> d-------- C:\Temp
2008-02-03 13:34 . 2008-02-03 13:37 7,680 --a------ C:\MyGraph.grf
2008-02-02 23:01 . 2008-02-02 23:01 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-26 23:45 . 2008-01-26 23:47 276 --a------ C:\WINDOWS\XIIIHooligans.ini
2008-01-26 23:36 . 2008-01-26 23:36 <DIR> d-------- C:\Program Files\Cenega Czech
2008-01-26 18:26 . 2008-01-26 18:26 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 22:34 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-02-13 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 20:36 --------- d-----w C:\Program Files\Valve
2008-02-13 19:11 --------- d-----w C:\Program Files\uTorrent
2008-02-13 13:19 1,214 ----a-w C:\Documents and Settings\spake\channels.dat
2008-02-12 12:10 --------- d-----w C:\Program Files\Download Express
2008-01-24 12:48 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-24 12:47 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-24 12:20 --------- d-----w C:\Program Files\Java
2008-01-24 11:44 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-24 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-24 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-01-24 10:22 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-01-24 10:22 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-21 08:11 --------- d-----w C:\Program Files\SmartSound Software
2008-01-21 08:10 --------- d-----w C:\Program Files\Windows Media Components
2008-01-21 08:09 --------- d-----w C:\Program Files\Ulead Systems
2008-01-21 08:09 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-21 08:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-19 21:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 14:40 --------- d-----w C:\Program Files\DVD X Studios
2007-12-29 11:20 --------- d-----w C:\Program Files\EA Games
2007-12-28 17:48 --------- d-----w C:\Program Files\HP
2007-12-28 17:48 --------- d-----w C:\Program Files\Common Files\HP
2007-12-27 20:09 --------- d-----w C:\Program Files\QuickTime
2007-12-27 17:37 --------- d-----w C:\Program Files\D-Tools
2007-12-27 17:34 --------- d-----w C:\Program Files\ImTOO
2007-12-27 16:24 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-27 16:24 --------- d-----w C:\Program Files\America's Army
2007-12-27 15:54 --------- d-----w C:\Program Files\QIP
2007-12-27 15:36 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-27 15:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-27 15:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-27 15:15 --------- d-----w C:\Program Files\Winamp
2007-12-27 15:15 --------- d-----w C:\Program Files\Nero
2007-12-27 15:11 --------- d-----w C:\Program Files\programy
2007-12-27 15:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-27 15:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-27 14:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-27 14:55 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-27 14:54 --------- d-----w C:\Program Files\windowsy
2007-12-27 14:48 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-27 14:47 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 5.0
2007-12-27 14:47 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-27 14:46 --------- d-----w C:\Program Files\Microsoft IntelliPoint 5.2
2007-12-27 13:52 --------- d-----w C:\Program Files\Alwil Software
2007-12-27 13:49 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-27 13:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-27 10:30 --------- d-----w C:\Program Files\PCI Audio Applications
2007-12-27 10:30 --------- d-----w C:\Program Files\C-Media
2007-12-27 10:21 --------- d-----w C:\Program Files\ASUS
2007-12-27 10:19 --------- d-----w C:\Program Files\Analog Devices
2007-12-27 10:17 --------- d-----w C:\Program Files\Intel
2007-12-26 21:13 --------- d-----w C:\Program Files\microsoft frontpage
2003-03-21 12:37 16,056 ----a-w C:\Program Files\owcstp16.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 09:42 585728]
"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 16:47 147456]
"C-Media Mixer"="Mixer.exe" [2002-03-04 04:02 1454080 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 09:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 09:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 15:45 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"WinampAgent"="C:\Program Files\programy\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-27 21:09 155648]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dcxdgjjr]
dcxdgjjr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-01-26 18:26]
S0 Vbg72;Vbg72;C:\WINDOWS\system32\Drivers\Vbg72.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-24 11:22]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 09:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 09:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 09:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 09:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 09:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 09:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 09:46]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 22:16:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-02-26 22:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 21:19:04
.
2008-02-13 13:19:01 --- E O F ---
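The SmitFraudFix and ComboFix logs above carry three persistence indicators that are worth pulling out explicitly rather than reading line by line. First, every Tcpip interface key under CCS, CS1 and CS2 (so the Last Known Good control set as well, which is why booting into it would not help) has both DhcpNameServer and NameServer forced to 85.255.115.38 / 85.255.112.9; a static per-interface NameServer takes precedence over whatever DHCP hands out, and the same pair is also written to the machine-wide Tcpip\Parameters key. Second, the Winlogon "System" value, which is empty on a clean XP install, points at kddxq.exe. Third, the Winlogon Notify packages dcxdgjjr, LogCrypt and WLCtrl32 load DLLs at every logon, alongside randomly named system32 DLLs whose reversed name shows up as an .ini file (awtst.dll / tstwa.ini), a pairing typical of the Vundo/Virtumonde family. The script below is an added example written by the editor, not a tool posted in this thread, and extracts those indicators from log lines of this shape. The sample input is copied from the logs above; the rogue resolver ranges are the ones publicly documented for the DNSChanger operation (85.255.112.0/20 among them) and the Winlogon Notify baseline is the XP SP2 default set as the editor knows it, so both lists are assumptions to check against your own clean reference machine.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the SmitFraudFix and ComboFix logs
# posted in this thread (DNS section, Winlogon values, Reg Loading Points, file lists).
SAMPLE_LOG = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: DhcpNameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer=85.255.115.38,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.38 85.255.112.9
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kddxq.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dcxdgjjr]
dcxdgjjr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\ddcdbab.dll
C:\WINDOWS\system32\NvCpl.dll
"""

# Resolver ranges publicly documented for the DNSChanger (Rove Digital) operation.
# Not taken from the page; extend with your own blocklist as needed.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]

# Winlogon Notify packages present on a default XP SP2 install (editor's baseline,
# an assumption: compare against a known-clean machine of the same build).
NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                   "sclgntfy", "senslogn", "termsrv", "wlballoon"}

NS_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\.*?:\s*"
    r"(?P<kind>DhcpNameServer|NameServer)=(?P<servers>[\d.,\s]+)$")
WINLOGON_SYSTEM_RE = re.compile(r'^"System"="(?P<val>[^"]*)"$')
NOTIFY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<pkg>[^\]]+)\]$", re.I)
FILE_RE = re.compile(r"^[A-Z]:\\.*\\(?P<name>[^\\.]+)\.(?P<ext>dll|ini)$", re.I)


def rogue_dns(ip):
    """True if the resolver address falls inside a documented rogue range."""
    return any(ipaddress.ip_address(ip) in net for net in ROGUE_DNS_RANGES)


def parse_indicators(text):
    """Extract DNS-changer, Winlogon and reversed-name-pair indicators from log lines."""
    dns = {}                 # resolver -> control sets that reference it
    static_ifaces = 0        # per-interface static NameServer values (these override DHCP)
    winlogon_system = None   # non-empty Winlogon "System" value, if any
    notify = []              # Winlogon Notify packages outside the baseline
    names = {}               # lowercase basename -> extensions seen in file listings

    for line in text.splitlines():
        line = line.strip()
        m = NS_RE.match(line)
        if m:
            for srv in re.split(r"[,\s]+", m["servers"].strip()):
                dns.setdefault(srv, set()).add(m["cs"])
            if m["kind"] == "NameServer" and "Parameters" not in line:
                static_ifaces += 1
            continue
        m = WINLOGON_SYSTEM_RE.match(line)
        if m and m["val"]:
            winlogon_system = m["val"]
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m["pkg"].lower() not in NOTIFY_BASELINE:
                notify.append(m["pkg"])
            continue
        m = FILE_RE.match(line)
        if m:
            names.setdefault(m["name"].lower(), set()).add(m["ext"].lower())

    # Vundo-style pairing: <name>.dll accompanied by <reversed name>.ini
    pairs = sorted((n + ".dll", n[::-1] + ".ini") for n, exts in names.items()
                   if "dll" in exts and "ini" in names.get(n[::-1], set()))

    return {
        "rogue_dns": sorted(s for s in dns if rogue_dns(s)),
        "dns_control_sets": {s: sorted(cs) for s, cs in dns.items()},
        "static_interface_nameservers": static_ifaces,
        "winlogon_system": winlogon_system,
        "suspicious_notify": notify,
        "reversed_pairs": pairs,
    }


if __name__ == "__main__":
    for key, value in parse_indicators(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it over the full text of a SmitFraudFix or ComboFix log to get the resolver list per control set, the static-NameServer count, the Winlogon hijack value and the DLL/INI pairs in one place; a non-empty rogue_dns list together with entries in more than one control set is the signal that the DNS settings have to be cleared in every control set, not only CurrentControlSet.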
- Baron Prášil
OK, let's roll up our sleeves, when the wheels... (once those commies fool us again, I'll be the first to hang)
Open Notepad (Start -> Run... and type Notepad in the box and click OK)
Copy the following text, highlighted in green, into it:
File::
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\jkghje.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dcxdgjjr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you just created with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HijackThis log + info about the problem
So I'm back again with the logs. Do you mean the info about the problem from before or after????
first log
ComboFix 08-02-25.3 - spake 2008-02-29 15:27:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.377 [GMT 1:00]
Running from: C:\Documents and Settings\spake\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\spake\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\jkghje.dll
C:\WINDOWS\system32\Process.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\Internet Explorer\setupapi.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abijwtwj.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\blbypvtj.dll
C:\WINDOWS\system32\ddcdbab.dll
C:\WINDOWS\system32\dkfwgmmk.dll
C:\WINDOWS\system32\hgyonlav.ini
C:\WINDOWS\system32\chhqbyhi.ini
C:\WINDOWS\system32\ihybqhhc.dll
C:\WINDOWS\system32\jkghje.dll
C:\WINDOWS\system32\jpemrqiu.ini
C:\WINDOWS\system32\jqwtextt.ini
C:\WINDOWS\system32\msfvbexs.dll
C:\WINDOWS\system32\nxqysmag.ini
C:\WINDOWS\system32\oeqlkevy.ini
C:\WINDOWS\system32\ojbncrmc.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\qiheklvd.dll
C:\WINDOWS\system32\qlmirpah.dll
C:\WINDOWS\system32\tierrpgq.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tyulkcdv.ini
C:\WINDOWS\system32\uiqrmepj.dll
C:\WINDOWS\system32\uwdrojqk.dll
C:\WINDOWS\system32\valnoygh.dll
C:\WINDOWS\system32\xhwgjkbt.ini
C:\WINDOWS\system32\ykyrehjk.dll
C:\WINDOWS\system32\ytnitkkx.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.
2008-02-27 01:01 . 2008-02-27 01:01 <DIR> d-------- C:\Program Files\FLVPlayer
2008-02-26 21:59 . 2008-02-26 21:59 4,308 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-26 21:58 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-26 21:58 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-26 21:58 . 2008-02-22 18:44 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-26 21:58 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-26 21:58 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-26 21:58 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-26 21:56 . 2008-02-26 21:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-26 21:27 . 2008-02-29 15:26 99,629 --a------ C:\WINDOWS\BM57567d59.xml
2008-02-26 21:27 . 2008-02-29 15:27 21 --a------ C:\WINDOWS\pskt.ini
2008-02-25 14:38 . 2008-02-25 14:38 <DIR> d-------- C:\totalcmd
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\UC.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-25 14:38 . 2006-10-23 06:55 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-25 14:38 . 2008-02-25 15:06 506 --a------ C:\WINDOWS\wincmd.ini
2008-02-24 16:08 . 2008-02-24 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 00:32 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-23 00:32 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-23 00:32 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-23 00:32 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-23 00:32 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-23 00:31 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-23 00:31 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-23 00:31 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-02-22 18:34 . 2008-02-22 18:34 334,336 --a------ C:\WINDOWS\system32\awtst.V01dll
2008-02-22 18:34 . 2008-02-22 18:34 334,336 --a------ C:\WINDOWS\system32\awtst.V00dll
2008-02-22 18:34 . 2008-02-22 18:34 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V02dll
2008-02-22 18:33 . 2008-02-22 18:33 334,336 --a------ C:\WINDOWS\system32\awtst.Vdll
2008-02-22 18:33 . 2008-02-22 18:33 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V01dll
2008-02-20 21:54 . 2008-02-20 21:54 8 --a------ C:\WINDOWS\system32\54655c4b
2008-02-19 16:32 . 2008-02-19 16:32 40,448 --a------ C:\WINDOWS\system32\ddcdbab.V00dll
2008-02-19 16:31 . 2008-02-19 16:31 40,448 --a------ C:\WINDOWS\system32\ddcdbab.Vdll
2008-02-16 11:20 . 2008-02-23 09:12 <DIR> d-------- C:\Program Files\ESET
2008-02-13 22:29 . 2008-02-13 22:29 <DIR> d-------- C:\Program Files\Macromedia
2008-02-13 22:29 . 2008-02-13 22:29 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-02-13 19:17 . 1999-12-17 08:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-13 14:19 . 2008-02-13 14:19 220,160 --a------ C:\Documents and Settings\spake\Update.exe
2008-02-13 14:19 . 2008-02-13 14:19 1,214 --a------ C:\Documents and Settings\spake\channels.dat
2008-02-11 20:38 . 1999-10-13 12:12 4,398 --a------ C:\WINDOWS\caesar3.ico
2008-02-11 20:35 . 2008-02-11 20:35 <DIR> d-------- C:\SIERRA
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Documents and Settings\spake\WINDOWS
2008-02-11 20:34 . 2008-02-11 20:38 298 --a------ C:\WINDOWS\SIERRA.INI
2008-02-11 19:10 . 2008-02-25 14:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 19:10 . 2008-02-11 19:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 14:45 . 2008-02-03 14:51 <DIR> d-------- C:\Temp
2008-02-03 13:34 . 2008-02-03 13:37 7,680 --a------ C:\MyGraph.grf
2008-02-02 23:01 . 2008-02-02 23:01 <DIR> d-------- C:\Program Files\Electronic Arts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 22:34 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-02-13 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 20:36 --------- d-----w C:\Program Files\Valve
2008-02-13 19:11 --------- d-----w C:\Program Files\uTorrent
2008-02-13 13:19 1,214 ----a-w C:\Documents and Settings\spake\channels.dat
2008-02-12 12:10 --------- d-----w C:\Program Files\Download Express
2008-01-26 22:36 --------- d-----w C:\Program Files\Cenega Czech
2008-01-26 17:26 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-01-24 12:48 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-24 12:47 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-24 12:20 --------- d-----w C:\Program Files\Java
2008-01-24 11:44 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-24 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-24 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-01-24 10:22 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-01-24 10:22 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-21 08:11 --------- d-----w C:\Program Files\SmartSound Software
2008-01-21 08:10 --------- d-----w C:\Program Files\Windows Media Components
2008-01-21 08:09 --------- d-----w C:\Program Files\Ulead Systems
2008-01-21 08:09 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-21 08:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-19 21:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 14:40 --------- d-----w C:\Program Files\DVD X Studios
2007-12-29 11:20 --------- d-----w C:\Program Files\EA Games
2007-12-28 17:48 --------- d-----w C:\Program Files\HP
2007-12-28 17:48 --------- d-----w C:\Program Files\Common Files\HP
2007-12-27 14:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2003-03-21 12:37 16,056 ----a-w C:\Program Files\owcstp16.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 09:42 585728]
"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 16:47 147456]
"C-Media Mixer"="Mixer.exe" [2002-03-04 04:02 1454080 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 09:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 09:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 15:45 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"WinampAgent"="C:\Program Files\programy\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-27 21:09 155648]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-01-26 18:26]
S0 Vbg72;Vbg72;C:\WINDOWS\system32\Drivers\Vbg72.sys []
S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-24 11:22]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 09:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 09:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 09:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 09:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 09:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 09:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 09:46]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 15:32:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-29 15:35:06 - machine was rebooted [spake]
ComboFix-quarantined-files.txt 2008-02-29 14:35:02
ComboFix2.txt 2008-02-26 21:19:09
.
2008-02-13 13:19:01 --- E O F ---
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:32, on 29.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7239 bytes
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Status: Offline
Use Fixwareout (I admit I mixed up SmitFraudFix with Fixwareout by mistake; no harm done, it just obviously didn't work).
http://www.viry.cz/forum/viewtopic.php?t=18759
So follow the guide in the link. Post the log, a new HijackThis log, and info on how the computer behaves after the procedure.
After Fixwareout my internet didn't work, but we have a storm here, so I thought their transmitter had gone down. But I looked at the IP address and no DNS addresses were set, so I had to fill them in. Otherwise I think that since I started trying to fix this it has improved, because the net was running slowly and now it runs almost like before, and the windows with the virus warning don't even pop up any more, which used to be normal. So I'm attaching the logs.
Fixwareout
Username "spake" - 01.03.2008 22:10:32 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"
"C-Media Echo Control"="C:\\Program Files\\PCI Audio Applications\\Bin\\EchoCtrl.exe"
"C-Media Mixer"="Mixer.exe /startup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_04\\bin\\jusched.exe\""
"WinampAgent"="C:\\Program Files\\programy\\Winamp\\winampa.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"UVS10 Preload"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:25, on 1.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6724 bytes
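A check for the O17 finding in the two logs above, added here as an example; it is not part of the original thread and not code from HijackThis or Fixwareout. It parses HijackThis `O17 ... NameServer` lines (the nine lines from the first log, copied in as sample input, plus two non-O17 lines from the second log standing in for the cleaned log) and flags resolvers that fall inside the rogue-resolver ranges listed in the public DNSChanger advisories. Those ranges and the "rogue" label are this example's assumptions; the logs themselves only show the addresses and that they were gone after Fixwareout.

```python
import ipaddress
import re

# Rogue-resolver ranges from the public DNSChanger advisories (FBI / DCWG).
# Treating anything in these ranges as malicious is this example's assumption;
# the HijackThis log itself only shows the addresses.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# HijackThis prints per-interface keys with comma-separated servers and the
# Tcpip\Parameters key with space-separated servers; the split below takes both.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\S+): NameServer = (?P<servers>.+)$")
CONTROL_SET_RE = re.compile(r"^HKLM\\System\\(CCS|CS\d+)\\")

# Sample input: the nine O17 lines copied from the first log in this thread.
INFECTED_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AB924B1-8293-48D6-A172-902866720376}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCEDB53-98DB-4788-8EA5-EDFD28FA6FAF}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E11DAC05-B0CD-4885-A2C8-4EEAB7FC030D}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{565DB8BE-E5A5-433D-8B7C-33B4F0E37A99}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.9
"""

# Sample input standing in for the post-Fixwareout log: no O17 lines at all.
CLEANED_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_o17(log_text):
    """Return [(registry_key, [nameserver, ...]), ...] from the O17 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        entries.append((m.group("key"), servers))
    return entries


def classify_nameserver(server):
    """'rogue' if inside a known DNSChanger range, else 'private' / 'public' / 'unparseable'."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if any(addr in net for net in ROGUE_DNS_RANGES):
        return "rogue"
    return "private" if addr.is_private else "public"   # private: LAN router resolver


def audit_o17(log_text):
    """Group every (key, server) pair by classification."""
    findings = {"rogue": [], "public": [], "private": [], "unparseable": []}
    for key, servers in parse_o17(log_text):
        for s in servers:
            findings[classify_nameserver(s)].append((key, s))
    return findings


def control_sets_with_rogue(findings):
    """Control sets still carrying a rogue resolver. Anything beyond CCS means a
    'Last Known Good Configuration' boot would not shake the hijack off."""
    return sorted({CONTROL_SET_RE.match(key).group(1) for key, _ in findings["rogue"]})


def verdict(log_text):
    if audit_o17(log_text)["rogue"]:
        return "HIJACKED"
    if not parse_o17(log_text):
        # No static NameServer at all: either DHCP-assigned DNS (normal) or
        # nothing set, which is what the poster hit right after Fixwareout.
        return "NO_STATIC_NAMESERVER"
    return "STATIC_OK"


if __name__ == "__main__":
    for name, log in (("first log", INFECTED_LOG), ("log after Fixwareout", CLEANED_LOG)):
        f = audit_o17(log)
        print(f"{name}: {verdict(log)}; control sets touched: {control_sets_with_rogue(f)}")
        for key, server in f["rogue"]:
            print(f"  rogue resolver {server} in {key}")
```

Two things the output makes explicit that the raw log does not. First, the same pair of resolvers sits in CCS, CS1 and CS2 and on every interface GUID, so the hijack survives a reboot into the other control set; all of them have to be cleared, which is what the Fixwareout pass did. Second, HijackThis only emits O17 for statically set NameServer values, so a log with no O17 lines is not proof that DNS works: it can equally mean the value was wiped and nothing replaced it, exactly the "no DNS addresses were set" situation reported above. After any O17 cleanup, confirm with `ipconfig /all` and restore DHCP-assigned or ISP resolvers if the field is empty.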
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Status: Offline
Fine. How to proceed when you lose the "connection" is also in that guide. But the important thing is that it's OK.
I recommend installing a firewall and antispyware.
Pick one here; I recommend ZoneAlarm or Comodo.
ZoneAlarm guide http://www.kn.vutbr.cz/docs/conf/zonealarm/
Comodo guide http://www.nforce.cz/modules.php?name=N ... cle&sid=18
ANTISPYWARE
Spyware Terminator or Spybot S&D
Spyware Terminator guide http://www.viry.cz/forum/viewtopic.php?t=44730
Spybot guide http://www.jaknato.com/index.php?clanek ... tne-slouzi