Prosim o kontrolu logu z HJT Vyřešeno

[jaro3]

Stahni jsi Avanger
do něj podle navodu:
http://www.viry.cz/forum/viewtopic.php?t=19832%20.
zadej prikaz z kodu:

Kód: Vybrat vše

Files to delete:
c:\windows\system32\drivers\ssquqkqw.sys
Drivers to delete:
ssquqkqw


Pak nový log z CF.

[Reklama]

[Kobuk]

Log z Avengeru:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\drivers\ssquqkqw.sys" not found!
Deletion of file "c:\windows\system32\drivers\ssquqkqw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ssquqkqw" not found!
Deletion of driver "ssquqkqw" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Log z ComboFix:

ComboFix 08-11-09.04 - User 2008-11-10 21:18:07.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.668 [GMT 1:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-10 do 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 20:09 . 2008-11-10 20:48 <DIR> d-------- c:\program files\Alwil Software
2008-11-10 18:10 . 2008-11-10 18:10 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-10 18:09 . 2008-11-10 18:09 <DIR> d-------- c:\windows\ERUNT
2008-11-09 17:53 . 2008-11-09 17:53 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 15:43 . 2008-11-09 16:00 85 --a-s---- c:\windows\system32\1345145592.dat
2008-11-09 15:43 . 2008-11-09 15:43 29 --a------ c:\windows\system32\eeepooor.tmp
2008-11-02 18:38 . 2008-11-02 18:38 <DIR> d-------- c:\windows\nview
2008-11-02 18:38 . 2008-11-10 21:20 200,819 --a------ c:\windows\system32\nvapps.xml
2008-11-02 18:38 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-10-27 15:52 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 17:25 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 17:25 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 17:25 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 17:25 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 17:25 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 17:25 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 20:20 --------- d-----w c:\program files\SpeedFan
2008-11-10 20:09 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-10 18:56 --------- d-----w c:\program files\GetRight
2008-11-08 09:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-02 16:08 --------- d-----w c:\documents and settings\User\Data aplikací\Comodo
2008-11-02 16:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Comodo
2008-11-01 16:50 --------- d-----w c:\program files\mIRC
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2002-08-27 16:57 65,974 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2008-05-17 09:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051720080518\index.dat
2008-05-17 09:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_19.01.11.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-07-19 15:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AVASTSS.scr
+ 2008-07-19 15:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
- 2008-07-19 14:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-07-19 15:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-07-19 15:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-01-17 15:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-01-17 17:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-07-19 15:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-07-19 15:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-07-19 15:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-07-19 15:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-11-10 17:59:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2008-11-10 20:20:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_594.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-25 988565]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-25 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-10 282624]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2006-02-08 2510336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f2dc584-6531-11dc-a2f0-0017312e752a}]
\Shell\AutoRun\command - h:\wd_windows_tools\setup.exe
.
.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.spiegel.de/
O8 -: Download with GetRight - c:\program files\GetRight\GRdownload.htm
O8 -: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 21:20:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\ATKKBService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2008-11-10 21:23:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-10 20:22:26
ComboFix2.txt 2008-11-10 19:59:50
ComboFix3.txt 2008-11-10 18:02:23

Před spuštěním: Volných bajtů: 61 290 749 952
Po spuštění: Volných bajtů: 61,283,434,496

142

[jaro3]

O.K.tak ještě nový log z HJT.

[Kobuk]

Tady je:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:35, on 10.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3052411593
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5471 bytes

[jaro3]

Fix v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs:


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u10

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Je to vše.

[Kobuk]

Provedeno. Zatím to vypadá dobře, tak mockrát díky za čas.
Tomu říkám pomoc!