Please check my log

A place for your HijackThis logs and logs from other programs…

Post by Erricco » 15 Oct 2007 13:47

Hi, I need this log checked. It is from a PC at work and for about a week it has been running terribly slowly. It had Virtumonde on it and I don't know whether I managed to remove it.
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:10, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\StormWare\PohodaSK\Pohoda.exe
C:\Program Files\StormWare\PohodaSK\StwPh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {11ECC821-9ED4-4965-BC42-25DFE0FBFDB3} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Qcvqncxm\dxnjkvam.dll
O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - C:\Program Files\Cpvdeduu\jevfzkvg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ctcxytcn] rundll32.exe "C:\Program Files\netsfchi\pmbonmfo.dll",Init
O4 - HKLM\..\Run: [mbsfexgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mbsfexgh.dll"
O4 - HKLM\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKLM\..\Run: [System Updater Machine] system23.exe
O4 - HKLM\..\Run: [yjuhghup] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yjuhghup.dll"
O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKLM\..\RunServices: [System Updater Machine] system23.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O20 - Winlogon Notify: wintli32 - C:\WINDOWS\SYSTEM32\wintli32.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
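As an added example (not code from the thread, from HijackThis or from ComboFix), the script below applies to the O2/O4/O20 lines above the checks a log reviewer makes by eye before deciding what goes into a removal script: a BHO whose DLL is missing, randomly named folders and DLLs, regsvr32 /u and rundll32 used as logon loaders, autorun targets with no path, and the always-verify AppInit_DLLs and Winlogon Notify hooks. The "random name" rule (8+ letters containing a run of 4+ consonants) is my own heuristic, not a documented one.

```python
"""Heuristic triage of HijackThis O2/O4/O20 lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11ECC821-9ED4-4965-BC42-25DFE0FBFDB3} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Qcvqncxm\dxnjkvam.dll
O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - C:\Program Files\Cpvdeduu\jevfzkvg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ctcxytcn] rundll32.exe "C:\Program Files\netsfchi\pmbonmfo.dll",Init
O4 - HKLM\..\Run: [mbsfexgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mbsfexgh.dll"
O4 - HKLM\..\Run: [System Updater Machine] system23.exe
O4 - HKLM\..\Run: [yjuhghup] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yjuhghup.dll"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O20 - Winlogon Notify: wintli32 - C:\WINDOWS\SYSTEM32\wintli32.dll
"""

VOWELS = set("aeiouy")


def looks_random(word: str) -> bool:
    """Heuristic (my assumption) for machine-generated names such as
    Qcvqncxm or mbsfexgh: an all-letter token of 8+ characters containing a
    run of 4+ consonants. Product names in the log (Acrobat, Skype, ctfmon,
    rserver) do not trip it."""
    if len(word) < 8 or not word.isalpha():
        return False
    run = best = 0
    for ch in word.lower():
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best >= 4


def random_words(text: str) -> list[str]:
    """All alphabetic tokens in text that look machine-generated."""
    return [w for w in re.findall(r"[A-Za-z]+", text) if looks_random(w)]


@dataclass
class Finding:
    line: str
    severity: str  # "high": removal candidate; "review": verify the owner first
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line; clean lines yield nothing."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons: list[str] = []
        severity = "review"
        if line.startswith("O2 - BHO:"):
            target = line.split(" - ")[-1]  # DLL path after the name and CLSID
            if target == "(no file)":
                reasons.append("BHO CLSID is registered but its DLL is missing")
            if rnd := random_words(target):
                reasons.append(f"BHO loaded from a randomly named path ({', '.join(rnd)})")
            if reasons:
                severity = "high"
        elif line.startswith("O4 - "):
            m = re.match(r"O4 - .*?: \[(.*?)\] (.*)$", line)
            if not m:
                continue
            name, cmd = m.group(1), m.group(2)
            if cmd.lower().startswith("regsvr32 /u"):
                reasons.append("regsvr32 /u at logon: DllUnregisterServer used as a loader")
            if cmd.lower().startswith("rundll32"):
                reasons.append("rundll32 used to call a DLL export at logon")
            if "\\" not in cmd:
                reasons.append("autorun target is a bare name with no path")
            if rnd := random_words(name + " " + cmd):
                reasons.append(f"randomly named entry or path ({', '.join(rnd)})")
            if reasons:
                severity = "high"
        elif line.startswith("O20 - AppInit_DLLs:"):
            reasons.append("AppInit_DLLs is loaded into every process using user32.dll; verify the owner")
        elif line.startswith("O20 - Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL runs inside winlogon.exe; verify the owner")
            if random_words(line.split(" - ")[-1]):
                severity = "high"
        if reasons:
            findings.append(Finding(line, severity, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n    {f.reason}")
```

Note that wintli32.dll only rates "review" here: it is the SUPERAntiSpyware scan later in the thread that identifies it as Trojan.Mezzia, so heuristics like these narrow the list but a signature scanner still settles it.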

Post by fredik » 15 Oct 2007 14:14

Download SUPERAntiSpyware
Install and run it, then click the Check for Updates... button
After the update finishes, click the Scan your computer button
Choose Perform Complete Scan and click Next >

The scan will run; when it finishes it lists everything it found.
Make sure all items are checked, then click Next
Then click Finish and you should be back at the main screen.
There click Preferences... and choose the Statistics/Logs tab
Click the log with today's date that appears there and press View Log...
A window with the log opens; copy its contents here.

Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- On start the terms of use are shown; accept them by pressing the 1 key
- Then follow the prompts; while ComboFix is running, do not click into its window
- When the scan finishes the program should create a log, C:\ComboFix.txt; please paste its whole contents here

Post by Erricco » 15 Oct 2007 17:12

So after a stubborn fight I am finally sending both logs.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/15/2007 at 04:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3324
Trace Rules Database Version: 1325

Scan type : Complete Scan
Total Scan Time : 01:17:54

Memory items scanned : 294
Memory threats detected : 5
Registry items scanned : 3340
Registry threats detected : 28
File items scanned : 24181
File threats detected : 161

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINTLI32.DLL
C:\WINDOWS\SYSTEM32\WINTLI32.DLL

Trojan.Downloader-Gen/MobRules
C:\PROGRAM FILES\QCVQNCXM\DXNJKVAM.DLL
C:\PROGRAM FILES\QCVQNCXM\DXNJKVAM.DLL
C:\PROGRAM FILES\CPVDEDUU\JEVFZKVG.DLL
C:\PROGRAM FILES\CPVDEDUU\JEVFZKVG.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MBSFEXGH.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MBSFEXGH.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YJUHGHUP.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YJUHGHUP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{534A3E28-2B67-5797-55C6-08628A7497AD}
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}\InprocServer32
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}\InprocServer32#ThreadingModel
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}\InprocServer32#t

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}\InprocServer32
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}\InprocServer32#ThreadingModel
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}\InprocServer32#t
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}

Trojan.Downloader-Win/GHY
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\wintli32

Adware.Tracking Cookie

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR
C:\WINDOWS\TEMP\WIN9A2F.TMP.EXE

Malware.Ultimate Defender
C:\Program Files\Ultimate Defender
C:\WINDOWS\SYSTEM32\WDQPOKTI\WDQPOKTI1.EXE
C:\WINDOWS\SYSTEM32\WDQPOKTI\WDQPOKTI2.EXE
C:\WINDOWS\SYSTEM32\WDQPOKTI\WDQPOKTI3.EXE

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\WINDOWS\SYSTEM32\IIFFCYY.DLL
C:\WINDOWS\SYSTEM32\MLJKLKJ.DLL
C:\WINDOWS\SYSTEM32\YAYWXUS.DLL

Trojan.Downloader-FakeRX
C:\WINDOWS\SYSTEM32\OEMBIOS32.DLL

Trace.Known Threat Sources

ComboFix 07-10-14.5 - mhl pp 2007-10-15 16:26:52.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.17 [GMT 2:00]
Časový limit spracovania skriptu "C:\ComboFix\osid.vbs" bol prekročený.
Spracovanie skriptu sa ukončilo.
Running from: c:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\mbsfexgh.dll
C:\Documents and Settings\All Users\Application Data.\yjuhghup.dll
C:\Program Files\SecCenter
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\fksprtai.ini
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\iatrpskf.dll
C:\WINDOWS\system32\ijrkvcvm.ini
C:\WINDOWS\system32\mvcvkrji.dll
C:\WINDOWS\system32\nusrmgr.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-15 16:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-15 14:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-15 14:31 <DIR> d-------- C:\Documents and Settings\mhl pp\Application Data\SUPERAntiSpyware.com
2007-10-15 14:30 1,522,814 --a------ C:\ComboFix.exe
2007-10-15 14:28 5,914,648 --a------ C:\SUPERAntiSpyware.exe
2007-10-15 11:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-15 11:36 812,344 --a------ C:\HJTInstall.exe
2007-10-08 08:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 08:48 <DIR> d-------- C:\VundoFix Backups
2007-10-08 08:43 19,755,376 --a------ C:\aaw2007.exe
2007-10-07 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:59 <DIR> d-------- C:\Program Files\Radmin 3.0
2007-10-06 14:01 <DIR> d-------- C:\vdownloader
2007-10-06 10:08 <DIR> d-------- C:\Program Files\DAP
2007-10-04 12:48 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-10-04 12:48 <DIR> d-------- C:\Program Files\AskPBar
2007-10-04 12:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-10-04 12:35 <DIR> d-------- C:\Program Files\Google
2007-09-27 10:55 <DIR> d-------- C:\Program Files\Cpvdeduu
2007-09-27 10:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2007-09-20 18:27 <DIR> d-------- C:\Program Files\Common Files\STORMWARE Shared
2007-09-20 18:10 <DIR> d-------- C:\Pohoda
2007-09-20 15:02 62,512,691 --a------ C:\Pohoda.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 14:46 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Skype
2007-10-15 12:56 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\uTorrent
2007-10-15 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 10:55 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\OpenOffice.org2
2007-10-07 17:36 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Hamachi
2007-10-06 14:20 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-06 12:15 --------- d-----w C:\Program Files\Hamachi
2007-10-06 10:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-21 07:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-08 16:27 --------- d-----w C:\Program Files\uTorrent
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Spyware Terminator
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-09-04 09:44 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\TuneUp Software
2007-08-30 15:08 --------- d-----w C:\Program Files\Qcvqncxm
2007-08-30 15:07 --------- d-----w C:\Program Files\netsfchi
2007-08-29 18:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-23 10:27 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Radmin
2007-08-16 12:26 --------- d-----w C:\Program Files\Skype
2007-08-16 12:26 --------- d-----w C:\Program Files\Common Files\Skype
2007-08-16 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-08-15 09:48 --------- d-----w C:\Program Files\Yahoo!
2007-08-03 09:06 96,978 ----a-w C:\VirtumundoBeGone.exe
2007-08-03 08:43 109,056 ----a-w C:\VundoFix.exe
2007-04-22 10:31 1,002,624 ----a-w C:\Program Files\HamachiSetup-1.0.2.1-cz.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11ECC821-9ED4-4965-BC42-25DFE0FBFDB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-30 12:32]
"Microsoft Setup Initialization"="Microsoft Setup Initialization" [2007-09-21 19:59 C:\WINDOWS\system32\Microsoft Setup Initialization]
"System Updater Machine"="system23.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-17 13:28]
"Microsoft Setup Initialization"="Microsoft Setup Initialization" [2007-09-21 19:59 C:\WINDOWS\system32\Microsoft Setup Initialization]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Setup Initialization"=Microsoft Setup Initialization
"System Updater Machine"=system23.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,C:\WINDOWS\system32\rserver30\r3god.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mhl pp^Ponuka Štart^Programy^Pri spustení^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\mhl pp\Ponuka Štart\Programy\Pri spustení\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
c:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syslog]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"c:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"AudioSrv"=2 (0x2)
"wscsvc"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"nlsvc"=2 (0x2)
"VideoAcceleratorEngine"=2 (0x2)
"gusvc"=3 (0x3)

R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F2042EE3-DE0E-AF96-C700-F4600B05E70F}]
C:\WINDOWS\scvhost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 15:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 16:52:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 16:53:55 - machine was rebooted
.
--- E O F ---


Post by fredik » 17 Oct 2007 12:53

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it:

Code:

File::
C:\WINDOWS\scvhost.exe

Folder::
C:\Program Files\Qcvqncxm
C:\Program Files\Cpvdeduu

DirLook::
C:\Program Files\netsfchi

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11ECC821-9ED4-4965-BC42-25DFE0FBFDB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Setup Initialization"=-
"System Updater Machine"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Setup Initialization"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Setup Initialization"=-
"System Updater Machine"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F2042EE3-DE0E-AF96-C700-F4600B05E70F}]

Choose Save As, name the file CFScript.txt and set Save as type: All files.
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post the log that comes up at the end of the cleaning process here

Also post a new HJT log.


Post by Erricco » 18 Oct 2007 16:18

So here is the requested log. :D

ComboFix 07-10-14.5 - mhl pp 2007-10-18 15:54:19.2 - NTFSx86
System Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.11 [GMT 2:00]
The script processing time limit for "C:\ComboFix\osid.vbs" was exceeded.
Script processing has been terminated.
Running from: C:\WINDOWS\e386\Antivir\ComboFix.exe
Command switches used :: C:\Documents and Settings\mhl pp\Pracovná plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\scvhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Cpvdeduu
C:\Program Files\Qcvqncxm

.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-16 10:00 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-16 09:59 <DIR> d-------- C:\Program Files\FireTune
2007-10-16 09:58 982,577 --a------ C:\firetune.exe
2007-10-15 16:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-15 14:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-15 14:31 <DIR> d-------- C:\Documents and Settings\mhl pp\Application Data\SUPERAntiSpyware.com
2007-10-15 11:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 08:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-07 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:59 <DIR> d-------- C:\Program Files\Radmin 3.0
2007-10-06 14:01 <DIR> d-------- C:\vdownloader
2007-10-06 10:08 <DIR> d-------- C:\Program Files\DAP
2007-10-04 12:48 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-10-04 12:48 <DIR> d-------- C:\Program Files\AskPBar
2007-10-04 12:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-10-04 12:35 <DIR> d-------- C:\Program Files\Google
2007-09-27 10:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2007-09-20 18:27 <DIR> d-------- C:\Program Files\Common Files\STORMWARE Shared
2007-09-20 18:10 <DIR> d-------- C:\Pohoda
2007-09-20 15:02 62,512,691 --a------ C:\Pohoda.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 13:52 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Skype
2007-10-18 11:10 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\uTorrent
2007-10-17 18:47 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\OpenOffice.org2
2007-10-16 12:47 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Hamachi
2007-10-15 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 14:20 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-06 12:15 --------- d-----w C:\Program Files\Hamachi
2007-10-06 10:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-21 07:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-08 16:27 --------- d-----w C:\Program Files\uTorrent
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Spyware Terminator
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-09-04 09:44 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\TuneUp Software
2007-08-30 15:07 --------- d-----w C:\Program Files\netsfchi
2007-08-29 18:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-23 10:27 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Radmin
2007-08-03 09:20 221,316 ----a-w C:\WINDOWS\system32\cbxut.dll
2007-07-30 10:32 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-07-30 10:00 31,254 ----a-w C:\WINDOWS\system32\xxyxyvs.dll.vir
2007-04-22 10:31 1,002,624 ----a-w C:\Program Files\HamachiSetup-1.0.2.1-cz.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\netsfchi ----

2007-08-30 17:07 57344 --a------ C:\Program Files\netsfchi\pmbonmfo.dll


((((((((((((((((((((((((((((( snapshot@2007-10-15_16.52.42.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-08 06:46:17 19,755,376 ----a-w C:\WINDOWS\e386\Antivir\aaw2007.exe
+ 2007-10-15 09:36:13 812,344 ----a-w C:\WINDOWS\e386\Antivir\HJTInstall.exe
+ 2007-10-15 12:29:39 5,914,648 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware.exe
+ 2005-12-08 11:25:44 118,144 ----a-r C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\BootSafe.exe
+ 2006-09-19 13:55:38 360,448 ----a-r C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\deupx.dll
+ 2004-05-07 13:31:40 348,160 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\msvcr71.dll
+ 2004-06-03 07:24:38 69,632 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\Plugins\sab_incr.dll
+ 2004-05-07 13:31:40 40,960 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\Plugins\sab_mapi.dll
+ 2004-05-07 13:31:40 61,440 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\Plugins\sab_wab.dll
+ 2007-02-27 10:39:26 61,440 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASCTXMN.DLL
+ 2006-10-10 11:53:48 5,632 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\sasdifsv.sys
+ 2006-02-16 15:51:08 4,096 ----a-r C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASENUM.SYS
+ 2007-02-27 10:39:26 32,256 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASKUTIL.SYS
+ 2006-12-20 11:55:48 77,824 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASSEH.DLL
+ 2007-04-19 11:41:36 294,912 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASWINLO.dll
+ 2007-06-21 12:07:10 146,672 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SSUpdate.exe
+ 2007-06-21 12:06:28 1,318,912 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SUPERAntiSpyware.exe
+ 2007-08-03 09:06:53 96,978 ----a-w C:\WINDOWS\e386\Antivir\VirtumundoBeGone.exe
+ 2007-08-03 08:43:22 109,056 ----a-w C:\WINDOWS\e386\Antivir\VundoFix.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-30 12:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-17 13:28]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-04 12:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,C:\WINDOWS\system32\rserver30\r3god.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mhl pp^Ponuka Štart^Programy^Pri spustení^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\mhl pp\Ponuka Štart\Programy\Pri spustení\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
c:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syslog]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"c:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"AudioSrv"=2 (0x2)
"wscsvc"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"nlsvc"=2 (0x2)
"VideoAcceleratorEngine"=2 (0x2)
"gusvc"=3 (0x3)

R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 15:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 16:01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-18 16:02:35
.
--- E O F ---


Post by fredik » 19 Oct 2007 19:16

Create a new CFScript and put the following into it:

Code:

File::
C:\WINDOWS\system32\cbxut.dll
C:\WINDOWS\system32\xxyxyvs.dll.vir

Folder::
C:\Program Files\netsfchi
and post the ComboFix log that appears afterwards here,
+
a new HJT log.


Post by Erricco » 20 Oct 2007 11:38

I'm posting both logs.


ComboFix 07-10-14.5 - mhl pp 2007-10-20 11:16:46.3 - NTFSx86
System Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.11 [GMT 2:00]
Running from: C:\WINDOWS\e386\Antivir\ComboFix.exe
Command switches used :: C:\Documents and Settings\mhl pp\Pracovná plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\cbxut.dll
C:\WINDOWS\system32\xxyxyvs.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\netsfchi
C:\Program Files\netsfchi\pmbonmfo.dll
C:\WINDOWS\system32\cbxut.dll
C:\WINDOWS\system32\xxyxyvs.dll.vir

.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-16 10:00 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-16 09:59 <DIR> d-------- C:\Program Files\FireTune
2007-10-15 16:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-15 14:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-15 14:31 <DIR> d-------- C:\Documents and Settings\mhl pp\Application Data\SUPERAntiSpyware.com
2007-10-15 11:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 08:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-07 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:59 <DIR> d-------- C:\Program Files\Radmin 3.0
2007-10-06 14:01 <DIR> d-------- C:\vdownloader
2007-10-06 10:08 <DIR> d-------- C:\Program Files\DAP
2007-10-04 12:48 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-10-04 12:48 <DIR> d-------- C:\Program Files\AskPBar
2007-10-04 12:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-10-04 12:35 <DIR> d-------- C:\Program Files\Google
2007-09-27 10:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2007-09-20 18:27 <DIR> d-------- C:\Program Files\Common Files\STORMWARE Shared
2007-09-20 18:10 <DIR> d-------- C:\Pohoda
2007-09-20 15:02 62,512,691 --a------ C:\Pohoda.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 09:17 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Skype
2007-10-20 07:17 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\uTorrent
2007-10-19 18:55 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\OpenOffice.org2
2007-10-16 12:47 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Hamachi
2007-10-15 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 14:20 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-06 12:15 --------- d-----w C:\Program Files\Hamachi
2007-10-06 10:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-21 07:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-08 16:27 --------- d-----w C:\Program Files\uTorrent
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Spyware Terminator
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-09-04 09:44 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\TuneUp Software
2007-08-29 18:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-23 10:27 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Radmin
2007-07-30 10:32 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-04-22 10:31 1,002,624 ----a-w C:\Program Files\HamachiSetup-1.0.2.1-cz.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-15_16.52.42.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-08 06:46:17 19,755,376 ----a-w C:\WINDOWS\e386\Antivir\aaw2007.exe
+ 2007-10-15 09:36:13 812,344 ----a-w C:\WINDOWS\e386\Antivir\HJTInstall.exe
+ 2007-10-15 12:29:39 5,914,648 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware.exe
+ 2005-12-08 11:25:44 118,144 ----a-r C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\BootSafe.exe
+ 2006-09-19 13:55:38 360,448 ----a-r C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\deupx.dll
+ 2004-05-07 13:31:40 348,160 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\msvcr71.dll
+ 2004-06-03 07:24:38 69,632 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\Plugins\sab_incr.dll
+ 2004-05-07 13:31:40 40,960 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\Plugins\sab_mapi.dll
+ 2004-05-07 13:31:40 61,440 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\Plugins\sab_wab.dll
+ 2007-02-27 10:39:26 61,440 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASCTXMN.DLL
+ 2006-10-10 11:53:48 5,632 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\sasdifsv.sys
+ 2006-02-16 15:51:08 4,096 ----a-r C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASENUM.SYS
+ 2007-02-27 10:39:26 32,256 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASKUTIL.SYS
+ 2006-12-20 11:55:48 77,824 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASSEH.DLL
+ 2007-04-19 11:41:36 294,912 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SASWINLO.dll
+ 2007-06-21 12:07:10 146,672 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SSUpdate.exe
+ 2007-06-21 12:06:28 1,318,912 ----a-w C:\WINDOWS\e386\Antivir\SUPERAntiSpyware\SUPERAntiSpyware.exe
+ 2007-08-03 09:06:53 96,978 ----a-w C:\WINDOWS\e386\Antivir\VirtumundoBeGone.exe
+ 2007-08-03 08:43:22 109,056 ----a-w C:\WINDOWS\e386\Antivir\VundoFix.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-30 12:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-17 13:28]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-04 12:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,C:\WINDOWS\system32\rserver30\r3god.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mhl pp^Ponuka Štart^Programy^Pri spustení^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\mhl pp\Ponuka Štart\Programy\Pri spustení\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
c:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syslog]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"c:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"AudioSrv"=2 (0x2)
"wscsvc"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"nlsvc"=2 (0x2)
"VideoAcceleratorEngine"=2 (0x2)
"gusvc"=3 (0x3)

R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 11:27:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 11:33:36 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:50, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\StormWare\PohodaSK\Pohoda.exe
C:\Program Files\StormWare\PohodaSK\StwPh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 3838 bytes


Post by fredik » 20 Oct 2007 19:05

You are using DAP - Download Accelerator Plus; I would recommend uninstalling it and, if needed, going for some other product of a similar kind.
Also, unless you really need it for something, uninstall via Add or Remove Programs:
Ask Toolbar

If you uninstall the Ask toolbar, also fix these items in HJT if they are still there:

Run HijackThis again and tick the boxes in front of these lines:
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
after ticking them, click the Fix Checked button.

Create a new CFScript and put the following into it:

Code:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syslog]
you no longer need to post the log here.

I don't know how you have it set up there, but it would be a good idea to install a firewall; you can pick one here

If you have no further problems, download and run T-cleaner; it deletes the backup folders and leftovers created by the tools that were used.
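An added example, not part of the thread and not code from HijackThis or ComboFix: the Python script below shows the reasoning behind the two CFScripts fredik wrote (17 Oct and 20 Oct). It parses HJT-style lines, applies three checks that match what was removed in this thread (a BHO whose DLL no longer exists, a Run value launching an executable whose name imitates svchost.exe, a populated AppInit_DLLs), and drafts the File:: and Registry:: sections ComboFix reads. The sample lines, the function names and the heuristics are the editor's own; pairing the "System Updater Machine" value with scvhost.exe is an assumption made for the sample only, and the thread's `~` shorthand for the Browser Helper Objects key is written out in full here. AppInit_DLLs is only reported for manual checking, since legitimate software uses it too (the thread left that entry alone).

```python
"""Triage HijackThis-style log lines and draft a ComboFix CFScript.

Added example for this thread. The heuristics, the function names and the
sample lines are the editor's own; they are not part of HijackThis, ComboFix
or the original posts.
"""
import ntpath
import re
from difflib import SequenceMatcher

# Constructed sample: the kinds of entries the thread deals with (a BHO whose
# DLL is gone, a Run value launching an svchost.exe look-alike, a populated
# AppInit_DLLs) next to ordinary entries. Pairing the "System Updater Machine"
# value with scvhost.exe is an assumption made for this sample only.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11ECC821-9ED4-4965-BC42-25DFE0FBFDB3} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [System Updater Machine] C:\WINDOWS\scvhost.exe
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
# Names malware likes to imitate; on XP the genuine binaries live in system32.
CORE_PROCESSES = ("svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe", "smss.exe")
SYSTEM32 = r"c:\windows\system32"


def parse_hjt(text):
    """Turn the O2 / O4 / O20 lines of an HJT log into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            entries.append({"kind": "bho", **m.groupdict()})
        elif m := RUN_RE.match(line):
            entries.append({"kind": "run", **m.groupdict()})
        elif m := APPINIT_RE.match(line):
            entries.append({"kind": "appinit", **m.groupdict()})
    return entries


def exe_from_command(cmd):
    """Executable path from a Run command line: strip quotes and arguments.
    An unquoted path containing spaces is cut at the first space (the same
    ambiguity Windows itself has with such values)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def looks_like_core_process(path):
    """True for a name imitating a core process (scvhost.exe) or a genuine core
    name launched from somewhere other than system32 (svchost.exe in the Windows root)."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    for core in CORE_PROCESSES:
        if name == core:
            return folder != SYSTEM32
        if SequenceMatcher(None, name, core).ratio() >= 0.85:
            return True
    return False


def triage(entries):
    """Apply the checks; each finding carries the CFScript action it justifies."""
    findings = []
    for e in entries:
        if e["kind"] == "bho" and e["path"] == "(no file)":
            findings.append({
                "reason": "BHO registered but its DLL is gone: " + e["clsid"],
                "delete_key": ntpath.join("HKEY_LOCAL_MACHINE", BHO_KEY, e["clsid"]),
            })
        elif e["kind"] == "run":
            exe = exe_from_command(e["cmd"])
            if looks_like_core_process(exe):
                findings.append({
                    "reason": "Run value launches a core-process look-alike: " + exe,
                    "delete_file": exe,
                    "delete_value": (ntpath.join(HIVES[e["hive"]], RUN_KEY), e["value"]),
                })
        elif e["kind"] == "appinit":
            dlls = [d.strip() for d in e["dlls"].split(",") if d.strip()]
            if dlls:
                # Loaded into every process that links user32.dll, so it matters,
                # but legitimate software uses it too: verify by hand, never auto-delete.
                findings.append({"reason": "AppInit_DLLs is populated: " + ", ".join(dlls), "manual": True})
    return findings


def build_cfscript(findings):
    """Render the automatable findings as the File:: / Registry:: sections ComboFix reads."""
    files = [f["delete_file"] for f in findings if "delete_file" in f]
    keys = [f["delete_key"] for f in findings if "delete_key" in f]
    values = [f["delete_value"] for f in findings if "delete_value" in f]
    out = []
    if files:
        out += ["File::", *files, ""]
    if keys or values:
        out.append("Registry::")
        out += ["[-" + k + "]" for k in keys]          # leading '-' deletes the whole key
        for key, value in values:
            out += ["[" + key + "]", '"' + value + '"=-']  # '=-' deletes one value
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_HJT_LOG))
    for f in found:
        print(("VERIFY  " if f.get("manual") else "ACTION  ") + f["reason"])
    print()
    print(build_cfscript(found))
```

Run it as-is and it prints the three findings and a draft script that deletes C:\WINDOWS\scvhost.exe, the orphaned BHO key and the Run value, while only flagging the AppInit_DLLs entry. The look-alike check is deliberately narrow (string similarity to a short list of core names, or a genuine core name outside system32); the randomly named folders and .vir files in this thread still need the human judgement fredik applied.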


Post by Erricco » 22 Oct 2007 12:19

O.K., thanks Fredik.
I appreciate your help, fingers crossed, and I hope we meet here again (though probably not while solving problems like these) :lol:

