HJT won't start, a Malware Doctor window keeps popping up and I can't close it, Ctrl+Alt+Del throws the message "the administrator of this system has disabled Task Manager", but msconfig works from the command line. I see that avast doesn't start automatically, but I ran it over the PC before Windows started and let it delete the infected files; as I can see, a lot of junk is left...
Here is the log from mwav: how do I delete this manually?
File C:\WINDOWS\system32\adsndss.dll infected by "Backdoor.Generic.127179 (DB)" Virus! Action Taken: No Action Taken.
Object "Spyware.SpyBossPro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.SpyBossPro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.NetScreenWatch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.SmartPCKeylog Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.SmartPCKeylog Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.SmartPCKeylog Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.SmartPCKeylog Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SmitFraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "WareOut Adware" found in File System! Action Taken: No Action Taken.
Object "WareOut Adware" found in File System! Action Taken: No Action Taken.
Object "CyberSitter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.SpyBossPro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.KeyProwler Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\divxsm" refers to invalid object "{A0717E52-8AC8-4dd9-8682-0B76775125E6}". Action Taken: No Action Taken.
Entry "HKCR\FlashProp.FlashProp.1" refers to invalid object "{1171A62F-05D2-11D1-83FC-00A0C9089C5A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "pc translator". Action Taken: No Action Taken.
File C:\WINDOWS\system32\adsndss.dll infected by "Backdoor.Generic.127179 (DB)" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\digiwet.dll infected by "Backdoor.Zdoogu.H (DB)" Virus! Action Taken: No Action Taken.
File C:\!\Alcohol 120% 1.9.5.3105 + Betamaster patch (LATEST)\betamasterpatch.rar infected by "Trojan.Generic.1318678 (DB)" Virus! Action Taken: No Action Taken.
File C:\!\Alcohol 120% 1.9.5.3105 + Betamaster patch (LATEST)\patch_3105.exe infected by "Trojan.Generic.1318678 (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Data aplikací\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Packages\Nokia_PC_Suite\Setup\Nokia_PC_Suite.msi infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Data aplikací\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Packages\Nokia_PC_Suite\Setup\Nokia_PC_Suite.msi infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Data aplikací\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_slk.exe infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0YB69221\f119[1].exe infected by "Trojan.Crypt.DF (DB)" Virus! Action Taken: No Action Taken.
File C:\Program Files\Alcohol Soft\Alcohol 120\patch_3105.exe infected by "Trojan.Generic.1318678 (DB)" Virus! Action Taken: No Action Taken.
File C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\skingen\MEMDISC\PROVIDED\RETAILPF\SETUP.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\adsndss.dll infected by "Backdoor.Generic.127179 (DB)" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\digiwet.dll infected by "Backdoor.Zdoogu.H (DB)" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temp\9CCE04CD.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\LUBO\!LUBO!\F\skola\pasc\SINS.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\Skola\pasc\SINS.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\Skola\PSE\pasc\SINS.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\AUTORUN.INF infected by "Fujack" Virus! Action Taken: No Action Taken.
Please check my mwav log [Solved]
fredik (Security team member)
Re: Please check my mwav log
Welcome to the forum
Download and run DDS (by sUBs) and save it to your desktop.
- run it; a window will appear, don't click in it and wait for the program to finish
- when it is done, the program creates 2 logs and shows an informational window. Close it with OK
- then paste the full contents of the DDS log (DDS.txt) here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PM messages with logs; post them in the forum. Such PMs cannot be answered.
Re: Please check my mwav log
After rescanning with avast again and removing a few viruses, Malware Doctor no longer starts, but Task Manager still won't start...
DDS (Ver_09-05-14.01) - NTFSx86
Run by Lubo at 9:07:12,01 on ut 26. 05. 2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1919.1554 [GMT 2:00]
AV: avast! antivirus 4.8.1335 [VPS 090517-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe "C:\WINDOWS\system32\ansin.exe"
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lubo\Plocha\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.icq.com/search/afe_result ... ank&tb_id=%toolbar_id&tb_ver=2.3&lng=1085&ch_id=afe
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Malware Doctor] c:\documents and settings\localservice\data aplikací\916653139.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malware Doctor] c:\documents and settings\localservice\data aplikací\916653139.exe
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 4630203265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\lubo\dataap~1\mozilla\firefox\profiles\qxqowmtu.default\
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
============= SERVICES / DRIVERS ===============
R1 54104dc6;54104dc6;c:\windows\system32\drivers\54104dc6.sys [2009-5-17 117214]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-29 114768]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-29 20560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-6-28 16269]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-29 138680]
S2 gupdate1c9375466ddfe98;Google Update Service (gupdate1c9375466ddfe98);c:\program files\google\update\GoogleUpdate.exe [2008-10-26 133104]
S2 WZCSVCnapagent;Automatická konfigurace bezdrátových zařízení WZCSVCnapagent;c:\windows\system32\ansin.exe srv --> c:\windows\system32\ansin.exe srv [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-29 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-29 352920]
=============== Created Last 30 ================
2009-05-26 07:44 390,144 a------- c:\windows\system32\CF29646.exe
2009-05-26 07:44 <DIR> --ds---- C:\ComboFix
2009-05-26 07:38 161,792 a------- c:\windows\SWREG.exe
2009-05-26 07:38 154,624 a------- c:\windows\PEV.exe
2009-05-26 07:38 98,816 a------- c:\windows\sed.exe
2009-05-26 07:37 390,144 a------- c:\windows\system32\CF28539.exe
2009-05-26 03:37 0 a------- C:\23990098.$$$
2009-05-26 01:48 22 a------- c:\windows\REGBK00.ZIP
2009-05-26 01:41 <DIR> a-d----- c:\windows\system32\runouce.exe
2009-05-26 01:38 54 a------- c:\windows\Lic.xxx
2009-05-26 01:37 626,688 a------- c:\windows\system32\msvcr80.dll
2009-05-26 01:37 548,864 a------- c:\windows\system32\msvcp80.dll
2009-05-26 01:37 28,672 a------- c:\windows\system32\eEmpty.exe
2009-05-26 01:37 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-05-26 01:37 147,968 a------- c:\windows\REGEDIT.COM
2009-05-26 01:37 147,968 a------- c:\windows\R.COM
2009-05-26 01:37 137,216 a------- c:\windows\system32\TASKMGR.COM
2009-05-26 01:37 137,216 a------- c:\windows\system32\T.COM
2009-05-26 01:37 <DIR> --d----- c:\program files\common files\MicroWorld
2009-05-26 01:37 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\MicroWorld
2009-05-26 00:47 <DIR> --d----- c:\program files\CCleaner
2009-05-26 00:23 <DIR> --d----- c:\program files\Trend Micro
2009-05-25 17:57 708 a------- c:\windows\system32\sft.res
2009-05-25 17:00 95,936 a------- c:\windows\system32\drivers\e1908bef.sys
2009-05-21 10:02 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-05-17 16:25 100 a--s---- c:\windows\system32\808300969.dat
2009-05-17 16:25 117,214 a------- c:\windows\system32\drivers\54104dc6.sys
2009-05-17 16:25 50,176 ---shr-- c:\windows\system32\ansin.exe
2009-05-17 16:25 20,480 a------- c:\windows\system32\digiwet.dll
2009-05-14 11:59 1,066 a------- c:\windows\ARCHPR.INI
2009-05-14 11:59 <DIR> --d----- c:\program files\ElcomSoft
2009-05-05 19:44 <DIR> --d----- C:\TP
2009-05-03 23:20 <DIR> --d----- c:\program files\common files\PCSuite
2009-05-03 23:20 <DIR> --d----- c:\program files\common files\Nokia
2009-05-03 23:19 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-05-03 23:19 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-03 23:19 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-03 23:19 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-05-03 23:19 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-05-03 23:19 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-05-03 23:19 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-05-03 11:59 <DIR> --d----- c:\documents and settings\lubo\workspace
2009-05-02 17:57 8,192 a--sh--- c:\windows\Thumbs.db
==================== Find3M ====================
2009-05-21 09:17 737,280 ac------ c:\windows\iun6002.exe
2009-04-20 12:58 26,112 a----r-- c:\windows\LgUninst.exe
2009-03-31 17:27 436,108 a------- c:\windows\system32\perfh005.dat
2009-03-31 17:27 82,198 a------- c:\windows\system32\perfc005.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
============= FINISH: 9:07:21,67 ===============
Last edited by lc_lubko on 26 May 2009 09:14, edited 1 time in total.
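A small triage script for DDS reports like the one above: it walks the lines and flags the tampering and persistence indicators this log contains (a hosted svchost.exe carrying a foreign executable, the DisableTaskMgr policy, an extra DLL in SecurityProviders, an autorun loading from the LocalService profile, a service with an unverifiable image, and a recently created hidden+system executable). This is an added example, not part of the thread or of DDS itself; the stock SecurityProviders baseline, the path heuristics and the sample lines are assumptions constructed from this log.

```python
import re

# Stock Windows XP SecurityProviders value; assumed baseline for this example.
BASELINE_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Locations a legitimate autostart or service image almost never lives in (heuristic).
SUSPICIOUS_PATH_RE = re.compile(
    r"(localservice|networkservice|\\temp\\|data aplikac|application data|\\dataap~1\\)",
    re.IGNORECASE,
)

RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[(.+?)\] (.+)$")
POLICY_RE = re.compile(r"^uPolicies-system: (\w+) = (\d+)")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[.*\])?$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (?:<DIR>|[\d,]+) (\S{8}) (.+)$")
HOSTED_RE = re.compile(r"^svchost(?:\.exe)? ", re.IGNORECASE)

# Constructed sample: representative lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
svchost.exe "C:\WINDOWS\system32\ansin.exe"
C:\WINDOWS\System32\svchost.exe -k netsvcs
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Malware Doctor] c:\documents and settings\localservice\data aplikací\916653139.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-29 138680]
S2 WZCSVCnapagent;Automatická konfigurace WZCSVCnapagent;c:\windows\system32\ansin.exe srv --> c:\windows\system32\ansin.exe srv [?]
2009-05-17 16:25 50,176 ---shr-- c:\windows\system32\ansin.exe
2009-05-02 17:57 8,192 a--sh--- c:\windows\Thumbs.db
"""


def triage_dds(text):
    """Walk a DDS report and return a list of (severity, line, reason) findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Hosted svchost entry carrying a quoted executable instead of a "-k group".
        if HOSTED_RE.match(line) and '"' in line:
            findings.append(("high", line, "svchost.exe started with a foreign executable"))
            continue

        m = POLICY_RE.match(line)
        if m:
            if m.group(1) == "DisableTaskMgr" and m.group(2) != "0":
                findings.append(("high", line, "Task Manager disabled by user-hive policy"))
            continue

        # Every DLL listed here is loaded into LSASS at boot; anything beyond the
        # stock list deserves a look.
        if line.startswith("SecurityProviders:"):
            dlls = {d.strip().lower() for d in line.split(":", 1)[1].split(",")}
            for extra in sorted(dlls - BASELINE_SECURITY_PROVIDERS):
                findings.append(("high", line, f"non-baseline SecurityProviders DLL: {extra}"))
            continue

        m = RUN_RE.match(line)
        if m:
            if SUSPICIOUS_PATH_RE.search(m.group(3)):
                findings.append(("medium", line, f"autorun '{m.group(2)}' loads from a user-data/temp path"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(2), m.group(4)
            # DDS marks an image it could not verify with "-->" and "[?]".
            if "[?]" in line or "-->" in line:
                findings.append(("medium", line, f"service '{name}' has an unverifiable image path"))
            elif SUSPICIOUS_PATH_RE.search(image):
                findings.append(("medium", line, f"service '{name}' image in a user-data/temp path"))
            continue

        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2).lower()
            if "h" in attrs and "s" in attrs and path.endswith((".exe", ".dll", ".sys")):
                findings.append(("medium", line, "recently created hidden+system executable"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage_dds(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run over the sample it reports six findings; the ctfmon, avast and Thumbs.db lines pass through untouched.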
Re: Please check my mwav log
And thank you for the warm welcome :)
fredik (Security team member)
Re: Please check my mwav log
You have already used CF, but download it again and continue with the following steps.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows, disable the resident protection of your antivirus/antispyware and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- If you are asked to install the Recovery Console, choose Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan is finished the program should create a log - C:\ComboFix.txt - please copy its full contents here
- Then turn your resident protection back on
Re: Please check my mwav log
I had to uninstall avast, I couldn't get it to stop; after ComboFix and a reboot Task Manager works again :)
ComboFix 09-05-25.05 - Lubo . 05. 2009 21:55.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1919.1574 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\ansin.exe
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\e1908bef.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\sft.res
c:\windows\system32\skinboxer43.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_avast!antivirus
-------\Legacy_wzcsvcnapagent
-------\Service_e1908bef
-------\Service_WZCSVCnapagent
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-26 08:41 . 2009-05-26 08:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-26 08:41 . 2009-05-26 08:41 -------- d-----w c:\program files\Norton Security Scan
2009-05-25 23:48 . 2009-05-25 23:48 22 ----a-w c:\windows\REGBK00.ZIP
2009-05-25 23:41 . 2009-05-25 23:41 -------- d---a-w c:\windows\system32\runouce.exe
2009-05-25 23:37 . 2009-05-25 23:37 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-25 23:37 . 2009-05-25 23:37 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-25 23:37 . 2009-05-25 23:37 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-25 23:37 . 2008-04-14 03:22 137216 ----a-w c:\windows\system32\T.COM
2009-05-25 23:37 . 2008-04-14 03:22 147968 ----a-w c:\windows\R.COM
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w c:\program files\Common Files\MicroWorld
2009-05-25 22:47 . 2009-05-25 22:47 -------- d-----w c:\program files\CCleaner
2009-05-25 22:23 . 2009-05-25 22:23 -------- d-----w c:\program files\Trend Micro
2009-05-21 08:02 . 2009-05-21 08:02 -------- d-----w c:\program files\Combined Community Codec Pack
2009-05-18 18:48 . 2009-05-18 18:48 -------- d-----w c:\documents and settings\LocalService\Plocha
2009-05-17 14:25 . 2009-05-26 05:40 100 --s-a-w c:\windows\system32\808300969.dat
2009-05-17 14:25 . 2009-05-22 16:33 117214 ----a-w c:\windows\system32\drivers\54104dc6.sys
2009-05-16 23:23 . 2009-05-16 23:23 -------- d-----w c:\program files\QuickTime
2009-05-14 09:59 . 2009-05-17 10:32 -------- d-----w c:\program files\ElcomSoft
2009-05-05 17:44 . 2009-05-05 17:44 -------- d-----w C:\TP
2009-05-03 21:20 . 2009-05-03 21:20 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-03 21:20 . 2009-05-03 21:20 -------- d-----w c:\program files\Common Files\Nokia
2009-05-03 21:19 . 2009-05-03 21:19 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-03 21:19 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-03 21:19 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-03 21:19 . 2009-02-09 05:37 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-05-03 21:19 . 2009-02-09 05:37 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-03 21:19 . 2009-02-09 05:37 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-05-03 21:19 . 2009-02-09 05:32 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-05-03 09:59 . 2009-05-03 09:59 -------- d-----w c:\documents and settings\Lubo\workspace
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 14:59 . 2008-08-27 16:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-22 16:05 . 2008-10-08 20:47 -------- d-----w c:\program files\Lavasoft
2009-05-21 08:01 . 2008-06-28 06:31 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-21 07:17 . 2008-06-28 06:31 737280 -c--a-w c:\windows\iun6002.exe
2009-05-18 07:11 . 2008-12-14 19:16 -------- d-----w c:\program files\Opera
2009-05-03 21:20 . 2008-11-06 20:55 -------- d-----w c:\program files\Nokia
2009-05-02 15:57 . 2008-10-24 01:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-02 15:57 . 2009-04-20 11:22 -------- d-----w c:\program files\Translator
2009-05-02 15:57 . 2009-01-07 17:39 -------- d-----w c:\program files\Text2PDF v1.5
2009-05-02 15:57 . 2008-06-30 21:22 -------- d-----w c:\program files\ICQToolbar
2009-05-02 15:57 . 2008-06-28 06:32 -------- d-----w c:\program files\IntrakDC
2009-04-29 07:55 . 2008-06-30 21:19 -------- d-----w c:\program files\ICQ6
2009-04-26 22:02 . 2008-12-09 20:37 -------- d-----w c:\program files\QIP Infium
2009-04-20 10:58 . 2009-04-20 10:58 26112 ----a-r c:\windows\LgUninst.exe
2009-04-20 10:57 . 2009-04-20 10:57 -------- d-----w c:\program files\Lingea
2009-04-13 19:49 . 2008-07-11 17:23 -------- d-----w c:\program files\DC++
2009-04-04 08:03 . 2008-10-26 10:19 -------- d-----w c:\program files\Google
2009-03-31 15:27 . 2008-06-28 21:26 -------- d-----w c:\program files\Java
2009-03-31 15:27 . 2001-10-25 14:00 82198 ----a-w c:\windows\system32\perfc005.dat
2009-03-31 15:27 . 2001-10-25 14:00 436108 ----a-w c:\windows\system32\perfh005.dat
2009-03-09 03:19 . 2008-12-01 22:38 410984 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-31 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 708697]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lubo^Nabídka Start^Programy^Po spuštění^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Lubo\Nabídka Start\Programy\Po spuštění\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IntrakDC\\IntrakDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Lubo\\Plocha\\bulanci.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Documents and Settings\\Lubo\\Plocha\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Skola\\Siete\\Siete\\siete\\server pista\\Project1.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R1 54104dc6;54104dc6;c:\windows\system32\drivers\54104dc6.sys [17.5.2009 16:25 117214]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [28.6.2008 8:08 16269]
S2 gupdate1c9375466ddfe98;Google Update Service (gupdate1c9375466ddfe98);c:\program files\Google\Update\GoogleUpdate.exe [26.10.2008 12:19 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-05-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 10:51]
2009-05-26 c:\windows\Tasks\Norton Security Scan for Lubo.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 03:53]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-DXDllRegExe - dxdllreg.exe
SafeBoot-procexp90.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.icq.com/search/afe_result ... ank&tb_id=%toolbar_id&tb_ver=2.3&lng=1085&ch_id=afe
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lubo\Data aplikací\Mozilla\Firefox\Profiles\qxqowmtu.default\
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 21:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1212)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-26 22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 20:04
Pre-Run: 4 135 133 184
Post-Run: 4 240 089 088
206
Re: please check my mwav log
Is it OK now, or does something else still need to be done?
Re: please check my mwav log
I am also attaching the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:53, on 27. 5. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.icq.com/search/afe_result ... ank&tb_id=%toolbar_id&tb_ver=2.3&lng=1085&ch_id=afe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4630203265
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate1c9375466ddfe98) (gupdate1c9375466ddfe98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
- fredik
- member of the Security team
Re: please check my mwav log
You didn't have to uninstall Avast; you could have let me know and something could have been done about it.
Why didn't you allow the Recovery Console to be installed when ComboFix started?
Did you disable some of the services yourself on purpose via msconfig, such as Ad-Aware's, Avast's, ...?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Before actually running CF, it would be good to physically disconnect from the internet (switching off the modem is enough):
Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the following complete text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Driver::
54104dc6
Collect::
c:\windows\system32\drivers\54104dc6.sys
File::
c:\windows\system32\808300969.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows and again switch off the resident protection for the duration of the ComboFix run.
Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, then turn the internet back on.
A directory/folder named Qoobox will be created on drive C, inside it another directory Quarantine, and in it you will find an archive in a form similar to [4]-Submit_2009-05-27_13.34.24.zip, where the numbers are the current date and time the file was created. Send it to me as an attachment via PM. Thanks.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Go to Start -> Run... and type/copy this command, marked in blue, into the box
cmd /c Find /i /n "Adobe " "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Alog.txt&Alog.txt&del Alog.txt
and click OK.
Then paste here the contents of the file that appears.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then paste here both logs + the info on the questions above.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. It is not possible to reply to such PMs
Re: please check my mwav log
1 it was a trial Pro version, so it had to be replaced with Home anyway...
2 I don't know why I didn't allow the recovery, I didn't even know I hadn't allowed it... :)
3 yes, I disabled some myself in msconfig; I wanted to stop the resident protection because it kept telling me it was on, so I switched off everything I thought might have something to do with it...
here is the CF log...
ComboFix 09-05-25.05 - Lubo . 05. 2009 22:47.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1919.1490 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lubo\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\808300969.dat
file zipped: c:\windows\system32\drivers\54104dc6.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\808300969.dat
c:\windows\system32\drivers\54104dc6.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_54104DC6
-------\Service_54104dc6
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.
2009-05-27 14:12 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-27 14:12 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-27 14:12 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-27 14:12 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-27 14:12 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-27 14:12 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-27 14:12 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-27 14:12 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-27 14:11 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-25 23:48 . 2009-05-25 23:48 22 ----a-w c:\windows\REGBK00.ZIP
2009-05-25 23:41 . 2009-05-25 23:41 -------- d---a-w c:\windows\system32\runouce.exe
2009-05-25 23:37 . 2009-05-25 23:37 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-25 23:37 . 2009-05-25 23:37 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-25 23:37 . 2009-05-25 23:37 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-25 23:37 . 2008-04-14 03:22 137216 ----a-w c:\windows\system32\T.COM
2009-05-25 23:37 . 2008-04-14 03:22 147968 ----a-w c:\windows\R.COM
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w c:\program files\Common Files\MicroWorld
2009-05-25 22:47 . 2009-05-25 22:47 -------- d-----w c:\program files\CCleaner
2009-05-25 22:23 . 2009-05-25 22:23 -------- d-----w c:\program files\Trend Micro
2009-05-21 08:02 . 2009-05-21 08:02 -------- d-----w c:\program files\Combined Community Codec Pack
2009-05-18 18:48 . 2009-05-18 18:48 -------- d-----w c:\documents and settings\LocalService\Plocha
2009-05-16 23:23 . 2009-05-16 23:23 -------- d-----w c:\program files\QuickTime
2009-05-14 09:59 . 2009-05-17 10:32 -------- d-----w c:\program files\ElcomSoft
2009-05-05 17:44 . 2009-05-05 17:44 -------- d-----w C:\TP
2009-05-03 21:20 . 2009-05-03 21:20 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-03 21:20 . 2009-05-03 21:20 -------- d-----w c:\program files\Common Files\Nokia
2009-05-03 21:19 . 2009-05-03 21:19 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-03 21:19 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-03 21:19 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-03 21:19 . 2009-02-09 05:37 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-05-03 21:19 . 2009-02-09 05:37 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-03 21:19 . 2009-02-09 05:37 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-05-03 21:19 . 2009-02-09 05:32 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-05-03 09:59 . 2009-05-03 09:59 -------- d-----w c:\documents and settings\Lubo\workspace
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 14:59 . 2008-08-27 16:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-22 16:05 . 2008-10-08 20:47 -------- d-----w c:\program files\Lavasoft
2009-05-21 08:01 . 2008-06-28 06:31 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-21 07:17 . 2008-06-28 06:31 737280 -c--a-w c:\windows\iun6002.exe
2009-05-18 07:11 . 2008-12-14 19:16 -------- d-----w c:\program files\Opera
2009-05-03 21:20 . 2008-11-06 20:55 -------- d-----w c:\program files\Nokia
2009-05-02 15:57 . 2008-10-24 01:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-02 15:57 . 2009-04-20 11:22 -------- d-----w c:\program files\Translator
2009-05-02 15:57 . 2009-01-07 17:39 -------- d-----w c:\program files\Text2PDF v1.5
2009-05-02 15:57 . 2008-06-30 21:22 -------- d-----w c:\program files\ICQToolbar
2009-05-02 15:57 . 2008-06-28 06:32 -------- d-----w c:\program files\IntrakDC
2009-04-29 07:55 . 2008-06-30 21:19 -------- d-----w c:\program files\ICQ6
2009-04-26 22:02 . 2008-12-09 20:37 -------- d-----w c:\program files\QIP Infium
2009-04-20 10:58 . 2009-04-20 10:58 26112 ----a-r c:\windows\LgUninst.exe
2009-04-20 10:57 . 2009-04-20 10:57 -------- d-----w c:\program files\Lingea
2009-04-13 19:49 . 2008-07-11 17:23 -------- d-----w c:\program files\DC++
2009-04-04 08:03 . 2008-10-26 10:19 -------- d-----w c:\program files\Google
2009-03-31 15:27 . 2008-06-28 21:26 -------- d-----w c:\program files\Java
2009-03-31 15:27 . 2001-10-25 14:00 82198 ----a-w c:\windows\system32\perfc005.dat
2009-03-31 15:27 . 2001-10-25 14:00 436108 ----a-w c:\windows\system32\perfh005.dat
2009-03-09 03:19 . 2008-12-01 22:38 410984 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-26_20.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-27 14:16 . 2009-05-27 14:16 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2009-05-27 20:51 . 2009-05-27 20:51 16384 c:\windows\Temp\Perflib_Perfdata_528.dat
+ 2009-05-27 20:51 . 2009-05-27 20:51 16384 c:\windows\Temp\Perflib_Perfdata_334.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-31 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 708697]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lubo^Nabídka Start^Programy^Po spuštění^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Lubo\Nabídka Start\Programy\Po spuštění\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IntrakDC\\IntrakDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Lubo\\Plocha\\bulanci.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Documents and Settings\\Lubo\\Plocha\\eclipse\\eclipse.exe"=
"d:\\Skola\\Siete\\Siete\\siete\\server pista\\Project1.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.5.2009 16:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.5.2009 16:12 20560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [28.6.2008 8:08 16269]
S2 gupdate1c9375466ddfe98;Google Update Service (gupdate1c9375466ddfe98);c:\program files\Google\Update\GoogleUpdate.exe [26.10.2008 12:19 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-05-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 10:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.icq.com/search/afe_result ... ank&tb_id=%toolbar_id&tb_ver=2.3&lng=1085&ch_id=afe
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lubo\Data aplikací\Mozilla\Firefox\Profiles\qxqowmtu.default\
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 22:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-05-27 22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-27 20:58
ComboFix2.txt 2009-05-26 20:04
Pre-Run: 3 999 916 032
Post-Run: 4 041 662 464
210
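The ComboFix run above was driven by the CFScript from the helper's reply (the Driver::/Collect::/File::/Registry:: sections) and the helper's questions were about the Recovery Console and the services switched off through msconfig. As an added example, not part of this thread and not ComboFix's own tooling, the Python below cross-checks a CFScript against the log it produced: were the File::/Collect:: paths and the Driver:: service actually removed, is the Recovery Console warning present, and which security-relevant services does the msconfig\services key still list as disabled. The sample script and log are constructed from excerpts of the posts above; the list of security service names is mine, and reading the msconfig\services values as the service's original Start type (2 = Automatic, 3 = Manual) is my assumption about how msconfig records what it disabled.

```python
"""Cross-check a ComboFix log against the CFScript it was run with.
Added example, not part of this thread or of ComboFix; sample data is
constructed from excerpts of the posts above."""
import re

CFSCRIPT = r"""Driver::
54104dc6
Collect::
c:\windows\system32\drivers\54104dc6.sys
File::
c:\windows\system32\808300969.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"""

COMBOFIX_LOG = r"""ComboFix 09-05-25.05 - Lubo - NTFSx86
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))
.
c:\windows\system32\808300969.dat
c:\windows\system32\drivers\54104dc6.sys
.
((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))
-------\Legacy_54104DC6
-------\Service_54104dc6
((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")   # ((((( Name ))))) banners
MSCONFIG_KEY = r"[hkey_local_machine\software\microsoft\shared tools\msconfig\services]"
MSCONFIG_ENTRY_RE = re.compile(r'^"([^"]+)"=(\d+)\s+\(0x[0-9a-f]+\)$', re.I)
# Assumption: the value is the service's original Start type saved by msconfig.
START_TYPE = {2: "Automatic", 3: "Manual"}
# Lower-case names of services whose disabling weakens the machine's defences.
SECURITY_SERVICES = {"aawservice", "avast! antivirus", "avast! web scanner",
                     "avast! mail scanner", "aswupdsv", "sharedaccess"}


def parse_cfscript(text):
    """Return {section: [entries]}; a line ending in '::' opens a section."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Extract deletions, removed services, the Recovery Console warning and
    the services that msconfig has disabled."""
    out = {"recovery_console": True, "deleted": set(),
           "removed_services": set(), "msconfig_disabled": {}}
    section, in_msconfig = None, False
    for line in (ln.rstrip() for ln in text.splitlines()):
        if "DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED" in line:
            out["recovery_console"] = False
        header = SECTION_RE.match(line)
        if header:
            section, in_msconfig = header.group(1).lower(), False
        elif line.lower() == MSCONFIG_KEY:
            in_msconfig = True
        elif in_msconfig and MSCONFIG_ENTRY_RE.match(line):
            name, value = MSCONFIG_ENTRY_RE.match(line).groups()
            out["msconfig_disabled"][name.lower()] = int(value)
        elif line.startswith("["):
            in_msconfig = False              # another registry key ends the list
        elif section == "other deletions" and line not in ("", "."):
            out["deleted"].add(line.lower())
        elif section == "drivers/services" and line.startswith("-------\\"):
            # entries look like -------\Legacy_54104DC6 and -------\Service_54104dc6
            kind, _, name = line.split("\\", 1)[1].partition("_")
            if kind.lower() in ("service", "legacy"):
                out["removed_services"].add(name.lower())
    return out


def check_cleanup(cfscript_text, log_text, security_services=SECURITY_SERVICES):
    """Compare what the script asked for with what the log says happened."""
    script, log = parse_cfscript(cfscript_text), parse_combofix_log(log_text)
    files = {p.lower() for p in script.get("File", []) + script.get("Collect", [])}
    drivers = {d.lower() for d in script.get("Driver", [])}
    disabled = {n: START_TYPE.get(v, str(v)) for n, v in log["msconfig_disabled"].items()
                if n in security_services}
    return {"files_removed": sorted(files & log["deleted"]),
            "files_not_removed": sorted(files - log["deleted"]),
            "drivers_removed": sorted(drivers & log["removed_services"]),
            "drivers_not_removed": sorted(drivers - log["removed_services"]),
            "recovery_console_installed": log["recovery_console"],
            "security_services_disabled_by_msconfig": disabled}
```

Run against the sample, `check_cleanup(CFSCRIPT, COMBOFIX_LOG)` reports both script targets and the 54104dc6 service as removed, the Recovery Console as absent, and all six msconfig entries as security services still disabled; the last two findings are exactly what the helper asked the poster to explain, and a reviewer can read them off the log in one step instead of scanning several hundred lines by eye.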
Post-Run: 4 041 662 464
Re: please check my mwav log
---------- C:\QOOBOX\ADD-REMOVE PROGRAMS.TXT
[7]Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
[8]Adobe Flash Player 10 ActiveX
[9]Adobe Flash Player 10 Plugin
[10]Adobe Photoshop 7.0
[11]Adobe Photoshop 7.0 CE
[12]Adobe Reader 8 - Czech
[13]Adobe Reader 8.1.2 Security Update 1 (KB403742)
[14]Adobe Shockwave Player 11
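Added example for this thread (it is not part of the original post and not ComboFix's own code): a small Python script that parses the two kinds of line ComboFix printed above, the firewall "authorized applications" entries and the R*/S* service and driver entries, and flags every binary that lives outside the directories where software is normally installed. The whitelist of trusted prefixes and the reading of R/S plus start-type digit are assumptions; the sample input is copied from the log above.

```python
"""Triage helper for ComboFix output (added example, not ComboFix code).

It parses two kinds of line ComboFix prints:

  * firewall AuthorizedApplications entries:  "c:\\\\path\\\\app.exe"=
  * service/driver entries:  R1 name;display;path [d.m.yyyy hh:mm size]

and flags every binary that lives outside the directories where software
is normally installed (assumption: c:\\windows and c:\\program files).
"""
import re
from typing import Optional

# Assumed whitelist. A dropper usually lands in the user profile, on the
# Desktop ("Plocha") or on a data drive, not under these two prefixes.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

FIREWALL_RE = re.compile(r'^"(.+)"=$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?) \[(?P<stamp>\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}) (?P<size>\d+)\]$'
)
# ComboFix convention (assumption): R = running, S = stopped; the digit is
# the service-control-manager start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Constructed sample: lines copied from the log above.
SAMPLE_LOG = r'''
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Lubo\\Plocha\\bulanci.exe"=
"d:\\Skola\\Siete\\Siete\\siete\\server pista\\Project1.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.5.2009 16:12 114768]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [28.6.2008 8:08 16269]
S2 gupdate1c9375466ddfe98;Google Update Service (gupdate1c9375466ddfe98);c:\program files\Google\Update\GoogleUpdate.exe [26.10.2008 12:19 133104]
'''


def parse_firewall_entry(line: str) -> Optional[str]:
    """Return the normalised path from an AuthorizedApplications line, or None."""
    m = FIREWALL_RE.match(line.strip())
    if not m:
        return None
    # The registry export doubles every backslash; collapse them.
    return m.group(1).replace("\\\\", "\\").lower()


def parse_service(line: str) -> Optional[dict]:
    """Return the fields of an R*/S* service or driver line, or None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "name": d["name"],
        "display": d["display"],
        "path": d["path"].lower(),
        "running": d["state"] == "R",
        "start": START_TYPES.get(d["start"], d["start"]),
        "size": int(d["size"]),
        "stamp": d["stamp"],
    }


def is_trusted_location(path: str) -> bool:
    """True when the binary sits under one of the assumed install prefixes."""
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(log_text: str) -> list:
    """Walk the log and return one finding per recognised line."""
    findings = []
    for line in log_text.splitlines():
        path = parse_firewall_entry(line)
        if path is not None:
            findings.append({"kind": "firewall", "name": path.rsplit("\\", 1)[-1],
                             "path": path, "flag": not is_trusted_location(path)})
            continue
        svc = parse_service(line)
        if svc is not None:
            findings.append({"kind": "service", "name": svc["name"], "path": svc["path"],
                             "flag": not is_trusted_location(svc["path"]),
                             "start": svc["start"], "running": svc["running"]})
    return findings


def flagged_paths(log_text: str) -> list:
    """Only the paths that need a manual look."""
    return [f["path"] for f in triage(log_text) if f["flag"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        mark = "CHECK" if f["flag"] else "  ok "
        print(f"{mark} {f['kind']:<8} {f['name']:<24} {f['path']}")
```

On the sample above the script flags only the two executables outside the system and Program Files trees (the Desktop game and the Project1.exe on D:), while the avast driver, the ASNDIS5 driver and Google Update pass the location check. A clean location is not proof of a clean file, so the flag is a prioritisation aid for the manual cleanup, not a verdict.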
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Re: please check my mwav log
Also post the HJT log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.