Spyware alert a Windows security alert

[gord007]

Zdravím... měl jsem stejný problém. Vyřešilo to taky SmitFraudFix, ale ještě zde přikládám svůj log z hijackthis jestli tam ještě něco není... Díky moc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:25, on 7. 10. 2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Stažený\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad2.billboard.cz/please/redir.bb/1627/1/1/1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WebIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: (no name) - {515AB855-A175-436a-BC5C-0E4F50A023A5} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WebIE.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\System32\msconfig.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Configuration GUI] systemconfig32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Windows Configuration GUI] systemconfig32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Configuration GUI] systemconfig32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Configuration GUI] systemconfig32.exe (User 'Default user')
O4 - Global Startup: DSLMON .lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WebIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\ijsutil.dll (file missing)
O21 - SSODL: msvb - {7CD63DFE-E965-4EF7-9621-E310199205A0} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {8816AD0C-36DF-40F1-BC2C-7C859BA96D4C} - C:\WINDOWS\sysdx.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Win32 Login Service (Win32 Login) - Unknown owner - C:\WINDOWS\win32logon.exe (file missing)

--
End of file - 8151 bytes

//příspěvky rozděleny. Příště si založ prosím tě vlastní téma
fredik

[Reklama]

[fredik]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[gord007]

ComboFix 07-10-07.2 - J 2007-10-07 16:35:11.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.119 [GMT 2:00]
Running from: C:\Documents and Settings\J \Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\msvb.dll
C:\WINDOWS\sysdx.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 16:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 14:58 2,358 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-07 14:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-07 14:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-07 14:57 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-07 14:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-07 14:57 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-06 20:53 51,200 --a------ C:\WINDOWS\wsremover.exe
2007-10-06 20:28 <DIR> d-------- C:\Program Files\Hard Truck 2
2007-09-30 21:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 20:41 <DIR> d-------- C:\Program Files\Eltima Software
2007-09-07 16:29 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-07 16:29 34,560 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2007-09-07 16:29 23,680 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 16:33 --------- d-------- C:\Program Files\PeerGuardian2
2007-10-07 14:55 1969 --a--c--- C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-30 21:22 --------- d-------- C:\Program Files\Zoner
2007-09-17 21:31 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-16 20:27 --------- d-------- C:\Program Files\VV3
2007-09-07 16:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 10:17 --------- d-------- C:\Program Files\Ubisoft
2007-09-04 20:09 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-04 20:09 --------- d-------- C:\Program Files\EurotelSMS
2007-09-04 20:08 --------- d-------- C:\Program Files\SANDYdemo
2007-09-04 20:08 --------- d-------- C:\Program Files\Psi
2007-09-04 20:08 --------- d-------- C:\Program Files\Hexacto Games
2007-09-04 20:08 --------- d-------- C:\Program Files\Banner Maker Pro 6
2007-09-04 20:07 --------- d-------- C:\Program Files\Penezni denik
2007-09-04 20:01 --------- d-------- C:\Program Files\BlueVoda Website Builder
2007-09-04 20:00 --------- d-------- C:\Program Files\HNR Game
2007-09-04 20:00 --------- d-------- C:\Program Files\Astraware
2007-09-04 19:59 --------- d-------- C:\Program Files\Web Gallery Wizard PRO
2007-09-04 19:58 --------- d-------- C:\Program Files\JAlbum
2007-09-04 19:50 --------- d-------- C:\Program Files\OpenTTD
2007-09-04 19:48 --------- d-------- C:\Program Files\PHP Home Edition 2
2007-09-04 19:45 --------- d-------- C:\Program Files\KONAMI
2007-08-30 10:39 --------- d-------- C:\Program Files\SMS Zdarma
2007-08-29 09:43 --------- d-------- C:\Program Files\Valve
2007-08-21 12:25 --------- d-------- C:\Program Files\PC Translator
2007-08-18 20:20 --------- d-------- C:\Program Files\Trymedia
2007-08-18 20:19 --------- d-------- C:\Program Files\Gold Miner
2007-08-16 20:36 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-16 14:53 --------- d-------- C:\Program Files\infium
2007-08-12 10:32 --------- d-------- C:\Program Files\EA SPORTS
2007-08-11 20:27 --------- d-------- C:\Program Files\Ubi Soft
2007-08-11 10:57 516096 --a------ C:\WINDOWS\UN32.EXE
2007-08-11 10:50 --------- d-------- C:\Program Files\Microton 2006
2007-08-10 21:23 294912 --a------ C:\WINDOWS\TrnWord.dll
1999-06-25 10:55 149504 --a--c--- C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 C:\WINDOWS\system32\tweakui.cpl]
"MSConfig"="C:\WINDOWS\System32\msconfig.exe" [2005-04-02 17:11]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 21:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Windows Configuration GUI"=systemconfig32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Configuration GUI"=systemconfig32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Configuration GUI"=systemconfig32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Configuration GUI"=systemconfig32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^Snow for Windows.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\Snow for Windows.lnk
backup=C:\WINDOWS\pss\Snow for Windows.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\WinMysqlAdmin.lnk
backup=C:\WINDOWS\pss\WinMysqlAdmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^Zástupce - ServiceMan.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\Zástupce - ServiceMan.lnk
backup=C:\WINDOWS\pss\Zástupce - ServiceMan.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheMonitor.exe]
C:\Program Files\PHP Home Edition 2\Apache2\bin\ApacheMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMixer]
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /T

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1029

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmysmileys]
c:\\gimmysmileys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
c:\\keyboard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
c:\\mousepad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msconfig38]
mssvcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
C:\Program Files\Creative\News\NewsUpd.EXE /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcBoost]
"C:\Program Files\PcBoost\PcBoost.exe" /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\qip\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secures23]
mssecure.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supervisor.exe]
C:\WINDOWS\supervisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVNEWS]
C:\Program Files\VV3\main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampToQIP]
"C:\Program Files\qip\WinampToQIPSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (bee.dll)]
rundll32.exe C:\WINDOWS\System32\bee.dll,start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Configuration GUI]
systemconfig32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsystems25]
winsystems.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache"=2 (0x2)
"StarWindService"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"PHPGeekUtil"=2 (0x2)
"MySql"=2 (0x2)
"Apache2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R2 PStrip;PStrip;C:\WINDOWS\System32\drivers\pstrip.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S2 Win32 Login;Win32 Login Service;"C:\WINDOWS\win32logon.exe"
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\System32\FreezeScreenSaver.exe
S4 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 16:44:04
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 16:47:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 16:47
.
--- E O F ---

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

Driver::
Win32 Login
FreezeScreenSaver

File::
C:\WINDOWS\wsremover.exe
C:\WINDOWS\System32\FreezeScreenSaver.exe
C:\WINDOWS\win32logon.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Windows Configuration GUI"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Configuration GUI"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Configuration GUI"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Configuration GUI"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmysmileys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msconfig38]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secures23]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (bee.dll)]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Configuration GUI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsystems25]

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

* * * * * * * * * * * * * * * * * * * * * * * * *

Otestuj tento tento soubor na VirusTotall a vlož sem výsledek:
C:\WINDOWS\UN32.EXE

* * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.

Dej sem pak i nový log z HijackThis.

[gord007]

Takže výpis z ComboFix:

ComboFix 07-10-07.2 - J 2007-10-07 20:33:18.2 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.151 [GMT 2:00]
Running from: C:\Documents and Settings\J \Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\J \Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\System32\FreezeScreenSaver.exe
C:\WINDOWS\win32logon.exe
C:\WINDOWS\wsremover.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\FreezeScreenSaver.exe
C:\WINDOWS\wsremover.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FREEZESCREENSAVER
-------\LEGACY_WIN32_LOGIN
-------\FreezeScreenSaver
-------\Win32 Login


((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 20:05 416,256 --a------ C:\WINDOWS\system32\fu1.exe
2007-10-07 19:46 416,256 -r-hs---- C:\WINDOWS\system\msnrav.exe
2007-10-07 16:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 14:58 2,358 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-07 14:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-07 14:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-07 14:57 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-07 14:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-07 14:57 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-06 20:28 <DIR> d-------- C:\Program Files\Hard Truck 2
2007-09-30 21:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 20:41 <DIR> d-------- C:\Program Files\Eltima Software
2007-09-07 16:29 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-07 16:29 34,560 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2007-09-07 16:29 23,680 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 20:32 --------- d-------- C:\Program Files\PeerGuardian2
2007-10-07 14:55 1969 --a--c--- C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-30 21:22 --------- d-------- C:\Program Files\Zoner
2007-09-17 21:31 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-16 20:27 --------- d-------- C:\Program Files\VV3
2007-09-07 16:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 10:17 --------- d-------- C:\Program Files\Ubisoft
2007-09-04 20:09 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-04 20:09 --------- d-------- C:\Program Files\EurotelSMS
2007-09-04 20:08 --------- d-------- C:\Program Files\SANDYdemo
2007-09-04 20:08 --------- d-------- C:\Program Files\Psi
2007-09-04 20:08 --------- d-------- C:\Program Files\Hexacto Games
2007-09-04 20:08 --------- d-------- C:\Program Files\Banner Maker Pro 6
2007-09-04 20:07 --------- d-------- C:\Program Files\Penezni denik
2007-09-04 20:01 --------- d-------- C:\Program Files\BlueVoda Website Builder
2007-09-04 20:00 --------- d-------- C:\Program Files\HNR Game
2007-09-04 20:00 --------- d-------- C:\Program Files\Astraware
2007-09-04 19:59 --------- d-------- C:\Program Files\Web Gallery Wizard PRO
2007-09-04 19:58 --------- d-------- C:\Program Files\JAlbum
2007-09-04 19:50 --------- d-------- C:\Program Files\OpenTTD
2007-09-04 19:48 --------- d-------- C:\Program Files\PHP Home Edition 2
2007-09-04 19:45 --------- d-------- C:\Program Files\KONAMI
2007-08-30 10:39 --------- d-------- C:\Program Files\SMS Zdarma
2007-08-29 09:43 --------- d-------- C:\Program Files\Valve
2007-08-21 12:25 --------- d-------- C:\Program Files\PC Translator
2007-08-18 20:20 --------- d-------- C:\Program Files\Trymedia
2007-08-18 20:19 --------- d-------- C:\Program Files\Gold Miner
2007-08-16 20:36 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-16 14:53 --------- d-------- C:\Program Files\infium
2007-08-12 10:32 --------- d-------- C:\Program Files\EA SPORTS
2007-08-11 20:27 --------- d-------- C:\Program Files\Ubi Soft
2007-08-11 10:50 --------- d-------- C:\Program Files\Microton 2006
1999-06-25 10:55 149504 --a--c--- C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_16.46.03.52 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 16,384 2007-10-07 18:30:25 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 32,768 2007-10-07 18:30:25 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-07 18:30:25 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
-c--a-w 16,384 2006-10-20 16:49:10 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 32,768 2006-10-20 16:49:10 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
-c--a-w 49,152 2006-10-20 16:49:10 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 C:\WINDOWS\system32\tweakui.cpl]
"MSConfig"="C:\WINDOWS\System32\msconfig.exe" [2005-04-02 17:11]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 21:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^Snow for Windows.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\Snow for Windows.lnk
backup=C:\WINDOWS\pss\Snow for Windows.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\WinMysqlAdmin.lnk
backup=C:\WINDOWS\pss\WinMysqlAdmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^Zástupce - ServiceMan.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\Zástupce - ServiceMan.lnk
backup=C:\WINDOWS\pss\Zástupce - ServiceMan.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheMonitor.exe]
C:\Program Files\PHP Home Edition 2\Apache2\bin\ApacheMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMixer]
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /T

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1029

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
C:\Program Files\Creative\News\NewsUpd.EXE /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcBoost]
"C:\Program Files\PcBoost\PcBoost.exe" /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\qip\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supervisor.exe]
C:\WINDOWS\supervisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVNEWS]
C:\Program Files\VV3\main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampToQIP]
"C:\Program Files\qip\WinampToQIPSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache"=2 (0x2)
"StarWindService"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"PHPGeekUtil"=2 (0x2)
"MySql"=2 (0x2)
"Apache2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R2 MSN RAV;MSN RAV;"C:\WINDOWS\system\msnrav.exe"
R2 PStrip;PStrip;C:\WINDOWS\System32\drivers\pstrip.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 GPU-Z;GPU-Z;\??\C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\GPU-Z.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys
S4 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 20:43:46
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 20:47:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 20:47
C:\ComboFix2.txt ... 2007-10-07 16:47
.
--- E O F ---


Výsledek souboru C:\WINDOWS\UN32.EXE na VirusTotall:
0/32 (0%)

Poslední dva logy vložím až zítra odpoledne(spíš večer)...Teď už to nestihne dokončit..

[fredik]

Ok otestuj ještě a dej sem pak zároveň s tím zbytkem výsledek tohoto souboru, který otestuj opět na Virustotal:
C:\WINDOWS\system32\fu1.exe

[gord007]

Tak ten soubor fu1.exe nezkontroluju, protože ho AVG Anti-Spyware při testu SUPERAntiSpywaru identifikoval jako Backdoor.SdBot.alz a dal ho do karantény.... Dále identifikoval (vysoké riziko) a přesunul do karantény tyto soubory:
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\System32\wbem\scrcons32.exe
C:\WINDOWS\System32\scrcons32.exe
C:\WINDOWS\System32\cxuiuw.exe
C:\WINDOWS\System32\fu1.exe

Takže log z SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/08/2007 at 06:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:53:34

Memory items scanned : 294
Memory threats detected : 0
Registry items scanned : 5986
Registry threats detected : 2
File items scanned : 76278
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Já\Cookies\já@rambler[2].txt
C:\Documents and Settings\Já\Cookies\já@please[1].txt
C:\Documents and Settings\Já\Cookies\já@ad.oslavany-cz[2].txt
C:\Documents and Settings\Já\Cookies\já@www.windowsmedia[1].txt
C:\Documents and Settings\Já\Cookies\já@atwola[2].txt
C:\Documents and Settings\Já\Cookies\já@please[2].txt
C:\Documents and Settings\Já\Cookies\já@toplist[1].txt

Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Nový log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:27, on 8. 10. 2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\totalcmd.exe
D:\Stažený\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad2.billboard.cz/please/redir.bb/1627/1/1/1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WebIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: (no name) - {515AB855-A175-436a-BC5C-0E4F50A023A5} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WebIE.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\System32\msconfig.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'Default user')
O4 - Global Startup: DSLMON .lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{62A56BFA-A811-4217-9CE2-67B90BC72BBC}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

--
End of file - 7974 bytes


Díky moc za tvoji pomoc..

[fredik]

Vytvoř si nový CFScripta vlož tam do něho tady toto:

Kód: Vybrat vše

Driver::
MSN RAV

a vlož sem log z Combofixu, který se ti pak zobrazí.

Stáhni si a pročisti Pc tímto: CCleaner (Čistič a Registry)

Pak si stáhni Mwav, proveď update a vlož sem log ze spodního okna Virus Log Information. Nic v logu nehledej jak je uvedeno v návodu.

[gord007]

Takže log z Combofixu:

ComboFix 07-10-07.2 - J 2007-10-08 20:42:01.3 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.140 [GMT 2:00]
Running from: C:\Documents and Settings\J \Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\J \Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-07 20:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-07 16:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 14:58 2,358 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-07 14:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-07 14:57 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-07 14:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-07 14:57 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-06 20:28 <DIR> d-------- C:\Program Files\Hard Truck 2
2007-09-30 21:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 20:41 <DIR> d-------- C:\Program Files\Eltima Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 20:40 --------- d-------- C:\Program Files\PeerGuardian2
2007-10-07 14:55 1969 --a--c--- C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-30 21:22 --------- d-------- C:\Program Files\Zoner
2007-09-17 21:31 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-16 20:27 --------- d-------- C:\Program Files\VV3
2007-09-07 16:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 10:17 --------- d-------- C:\Program Files\Ubisoft
2007-09-04 20:09 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-04 20:09 --------- d-------- C:\Program Files\EurotelSMS
2007-09-04 20:08 --------- d-------- C:\Program Files\SANDYdemo
2007-09-04 20:08 --------- d-------- C:\Program Files\Psi
2007-09-04 20:08 --------- d-------- C:\Program Files\Hexacto Games
2007-09-04 20:08 --------- d-------- C:\Program Files\Banner Maker Pro 6
2007-09-04 20:07 --------- d-------- C:\Program Files\Penezni denik
2007-09-04 20:01 --------- d-------- C:\Program Files\BlueVoda Website Builder
2007-09-04 20:00 --------- d-------- C:\Program Files\HNR Game
2007-09-04 20:00 --------- d-------- C:\Program Files\Astraware
2007-09-04 19:59 --------- d-------- C:\Program Files\Web Gallery Wizard PRO
2007-09-04 19:58 --------- d-------- C:\Program Files\JAlbum
2007-09-04 19:50 --------- d-------- C:\Program Files\OpenTTD
2007-09-04 19:48 --------- d-------- C:\Program Files\PHP Home Edition 2
2007-09-04 19:45 --------- d-------- C:\Program Files\KONAMI
2007-08-30 10:39 --------- d-------- C:\Program Files\SMS Zdarma
2007-08-29 09:43 --------- d-------- C:\Program Files\Valve
2007-08-21 12:25 --------- d-------- C:\Program Files\PC Translator
2007-08-18 20:20 --------- d-------- C:\Program Files\Trymedia
2007-08-18 20:19 --------- d-------- C:\Program Files\Gold Miner
2007-08-16 20:36 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-16 14:53 --------- d-------- C:\Program Files\infium
2007-08-12 10:32 --------- d-------- C:\Program Files\EA SPORTS
2007-08-11 20:27 --------- d-------- C:\Program Files\Ubi Soft
2007-08-11 10:57 516096 --a------ C:\WINDOWS\UN32.EXE
2007-08-11 10:50 --------- d-------- C:\Program Files\Microton 2006
2007-08-10 21:23 294912 --a------ C:\WINDOWS\TrnWord.dll
1999-06-25 10:55 149504 --a--c--- C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_16.46.03.52 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 29,696 2007-10-07 18:51:42 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 18,944 2007-10-07 18:51:42 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 65,024 2007-10-07 18:51:42 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----a-w 262,144 2007-10-08 18:41:32 C:\WINDOWS\system32\config\systemprofile\NtUser.dat
-c--a-w 16,384 2007-10-08 14:45:24 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 32,768 2007-10-08 14:45:24 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-08 14:45:24 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 262,144 2007-10-07 14:34:52 C:\WINDOWS\system32\config\systemprofile\NtUser.dat
-c--a-w 16,384 2006-10-20 16:49:10 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 32,768 2006-10-20 16:49:10 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
-c--a-w 49,152 2006-10-20 16:49:10 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 C:\WINDOWS\system32\tweakui.cpl]
"MSConfig"="C:\WINDOWS\System32\msconfig.exe" [2005-04-02 17:11]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 21:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WMI Standard Event Consumer - Scripting"= C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^Snow for Windows.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\Snow for Windows.lnk
backup=C:\WINDOWS\pss\Snow for Windows.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\WinMysqlAdmin.lnk
backup=C:\WINDOWS\pss\WinMysqlAdmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^Zástupce - ServiceMan.lnk]
path=C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění\Zástupce - ServiceMan.lnk
backup=C:\WINDOWS\pss\Zástupce - ServiceMan.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheMonitor.exe]
C:\Program Files\PHP Home Edition 2\Apache2\bin\ApacheMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMixer]
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /T

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1029

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
C:\Program Files\Creative\News\NewsUpd.EXE /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcBoost]
"C:\Program Files\PcBoost\PcBoost.exe" /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\qip\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supervisor.exe]
C:\WINDOWS\supervisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVNEWS]
C:\Program Files\VV3\main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampToQIP]
"C:\Program Files\qip\WinampToQIPSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache"=2 (0x2)
"StarWindService"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"PHPGeekUtil"=2 (0x2)
"MySql"=2 (0x2)
"Apache2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R2 PStrip;PStrip;C:\WINDOWS\System32\drivers\pstrip.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 GPU-Z;GPU-Z;\??\C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\GPU-Z.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys
S4 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 20:51:23
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 20:55:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 20:54
C:\ComboFix2.txt ... 2007-10-07 20:47
C:\ComboFix3.txt ... 2007-10-07 16:47
.
--- E O F ---

Log z Mwav zítra...

[gord007]

Takže log z toho Mwavu:

Soubor C:\WINDOWS\system\NOTEPAD.exe je infikovaný virem Backdoor.Win32.SdBot.bzj !! Provedené akce: Nic nebylo provedeno.
Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "look2me Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "powerstrip Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "powerstrip Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "powerstrip Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "powerstrip Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "powerstrip Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\Callisto.Dokument" odkazuje na neplatný objekt "{FA176570-AB7E-11CF-B92E-00608CC1C249}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\MSPaper.Document" odkazuje na neplatný objekt "{F086132E-222E-410A-BED7-343FF4D963A7}". Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\System32\salvage.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\System32\spread.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\System32\systemconfig32.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.

[fredik]

Spusť Poznámkový blok (Notepad): Start -> Spustit.. otevře se ti okno a do něj napiš notepad a dej Ok.
Otevře se ti poznámkový blok a do něj zkopíruj tento tučně označený text:

If Exist note.txt del /q note.txt
Dir /S/A-D "%drive%\notepad.exe" >>note.txt
Notepad note.txt
Del /q note.txt

Zvol v menu záložku Soubor -> Uložit jako... a natav/vyplň tyto údaje
Název souboru: findn.bat
Uložit jako typ: Všechny soubory
Ulož soubor na disk a spusť ho. Po chvíli hledání se zobrazí nové okno s výsledky, zkopíruj sem prosím celý jeho obsah.

[gord007]

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je D439-F585.

Věpis adres ýe C:\Program Files\PSPAD

08. 01. 2005 14:29 7˙712 Notepad.Exe
1 soubor…, 7˙712 bajt…

Věpis adres ýe C:\Program Files\PSPad editor

08. 01. 2005 14:29 7˙712 Notepad.exe
1 soubor…, 7˙712 bajt…

Věpis adres ýe C:\WINDOWS

25. 10. 2001 15:00 66˙560 notepad.exe
1 soubor…, 66˙560 bajt…

Věpis adres ýe C:\WINDOWS\system

09. 10. 2007 16:27 38˙649 NOTEPAD.exe
1 soubor…, 38˙649 bajt…

Věpis adres ýe C:\WINDOWS\system32

25. 10. 2001 15:00 66˙560 notepad.exe
1 soubor…, 66˙560 bajt…

Věpis adres ýe C:\WINDOWS\system32\dllcache

25. 10. 2001 15:00 66˙560 notepad.exe
1 soubor…, 66˙560 bajt…

Poźet soubor… v seznamu:
6 soubor…, 253˙753 bajt…
Adres ý…: 0, Volněch bajt…: 2˙890˙346˙496