Please check

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by Zeppelin » 15 Nov 2007 14:07

Hi, I'd like to ask you to check my log. That byxwxur.dll looks odd to me. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:57:51, on 15.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\oaDial\oaDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Program Files\Total Commander\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
c:\Program Files\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\byxwxur.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [OptimAccess Dial] C:\Program Files\oaDial\oaDial.exe /minimalize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D492DED1-C32D-4457-9AF5-00F5B99A4FD7}: NameServer = 78.136.129.20 78.136.130.132
O20 - Winlogon Notify: byxwxur - C:\WINDOWS\SYSTEM32\byxwxur.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6482 bytes

Post by fredik (Security team member) » 15 Nov 2007 14:13

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are shown; accept them by pressing the 1 key
- Then follow the prompts; while ComboFix is running, do not click into the window it shows
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its whole contents here

Post by Zeppelin » 15 Nov 2007 14:55

So here it is. After it finished I had an IE icon on my desktop that wasn't there before. I also forgot: for about three days now, after I start the computer and before I'm connected to the net, a window like one from IE pops up saying I'm offline now and should try again later, but I'm not doing anything, so some junk is probably trying to get to the net through IE, right? Otherwise I blocked IE in the Ashampoo firewall long ago and don't use it.

ComboFix 07-11-08.3 - Halford 2007-11-15 14:36:34.1 - NTFSx86
Running from: C:\Documents and Settings\Halford\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Halford\Data aplikací\inst.exe
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 14:45 <DIR> d-------- C:\WINDOWS\MSGAPS
2007-11-15 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 08:24 811,008 -r-hs---- C:\WINDOWS\system32\mmwyjx.exe
2007-11-15 07:22 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ZipGenius
2007-11-15 07:20 <DIR> d-------- C:\Program Files\ZipGenius 6
2007-11-13 19:48 35,840 --a------ C:\WINDOWS\system32\mljkhgh.dll
2007-11-13 19:43 35,840 --a------ C:\WINDOWS\system32\byxwxur.dll
2007-11-13 14:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-13 14:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-13 14:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-13 14:00 <DIR> dr-h----- C:\MSOCache
2007-11-10 14:44 <DIR> d-------- C:\Program Files\ICQLite
2007-11-10 14:44 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ICQLite
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-07 20:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-07 20:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-07 12:30 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-11-06 18:54 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\GetRightToGo
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infob.dat
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infoa.dat
2007-11-05 20:17 <DIR> d-------- C:\Program Files\Total Video Converter
2007-10-30 20:13 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-10-29 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
2007-10-28 10:21 <DIR> d-------- C:\Program Files\MakeitOne
2007-10-28 10:21 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 10:21 622 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.dat
2007-10-27 18:20 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-10-24 18:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-19 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2007-10-19 18:43 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-19 18:34 <DIR> d-------- C:\Program Files\MSBuild
2007-10-19 18:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-19 18:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-19 18:12 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-15 17:42 <DIR> d-------- C:\Program Files\Weather Watcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 12:57 --------- d-----w C:\Program Files\HiJackThis_v2
2007-11-15 07:25 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-15 07:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-14 17:25 --------- d-----w C:\Documents and Settings\Halford\Data aplikací\Free Download Manager
2007-11-13 10:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-11-08 10:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 16:59 --------- d-----w C:\Program Files\GetRight
2007-10-24 18:33 --------- d-----w C:\Program Files\Common Files\ReGet Shared
2007-10-14 13:40 --------- d-----w C:\Program Files\oaDial
2007-10-13 10:48 --------- d-----w C:\Program Files\DIFX
2007-10-05 07:49 --------- d-----w C:\Program Files\Ashampoo
2007-10-01 09:42 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-22 19:25 47,360 ----a-w C:\Documents and Settings\Halford\Data aplikací\pcouffin.sys
2007-09-21 17:37 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-24 19:30 74,000 ----a-w C:\Program Files\1462672.jpg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}]
2007-11-13 19:43 35840 --a------ C:\WINDOWS\system32\byxwxur.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-22 16:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 12:22]
"OptimAccess Dial"="C:\Program Files\oaDial\oaDial.exe" [2004-09-14 06:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 14:31]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2007-02-25 16:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1E794189-7575-4306-8F49-CCDD291A59CD}"= C:\WINDOWS\system32\byxwxur.dll [2007-11-13 19:43 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwxur]
byxwxur.dll 2007-11-13 19:43 35840 C:\WINDOWS\system32\byxwxur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=Mixer.exe /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

R3 Axtmvflt;Axesstel USB Filter Service;C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys
R3 Axtmvmdm;Axesstel USB Modem;C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys
R3 Axtmvprt;Axesstel Diagnostic Port;C:\WINDOWS\system32\Drivers\Axtmvprt.sys
S3 DrvFltIp;DrvFltIp;\??\C:\Documents and Settings\Halford\Local Settings\TEMP\DrvFltIp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{fh45ret4-w5ry-y45r-7u65-th76rt34t656}]
C:\WINDOWS\system32\server.exe s
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:15:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 14:45:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 14:49:07
.
--- E O F ---

Post by fredik (Security team member) » 15 Nov 2007 23:26

Test this file at VirusTotal and post the result here:
C:\WINDOWS\IFinst27.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:


File::
C:\WINDOWS\system32\mmwyjx.exe
C:\WINDOWS\system32\mljkhgh.dll
C:\WINDOWS\system32\byxwxur.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1E794189-7575-4306-8F49-CCDD291A59CD}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwxur]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{fh45ret4-w5ry-y45r-7u65-th76rt34t656}]

Choose Save As, name the file CFScript.txt and set Save as type to All Files.
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe, and release it when the two files overlap
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In your next post, paste these logs/results:
- the VirusTotal result
- the ComboFix log from after the script was used
- a new HJT log
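The correlation fredik is acting on (one unnamed DLL under system32 registered both as a BHO and as a Winlogon Notify handler) can be checked mechanically. As an added example, not part of this thread and not code from HijackThis or ComboFix, the Python below parses O2/O20 lines in HijackThis format, flags system32 DLLs that are unnamed BHOs or that more than one load mechanism points at (the heuristic is my own assumption), and renders the File::/Registry:: CFScript in the shape used in the post above; the sample lines are constructed from this thread's log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in HijackThis format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\byxwxur.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O20 - Winlogon Notify: byxwxur - C:\WINDOWS\SYSTEM32\byxwxur.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# O2 = browser helper object, O20 = Winlogon Notify DLL; both are load points HijackThis reports.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

# Registry locations in the same spelling fredik used in the CFScript above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
WINLOGON_NOTIFY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def parse_hjt(text):
    """Return (section, name_or_key, clsid_or_None, path) tuples for O2 and O20 lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(("O2", m["name"], m["clsid"], m["path"]))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(("O20", m["key"], None, m["path"]))
    return entries


def norm_path(path):
    """Case-insensitive key: HijackThis prints 'system32' and 'SYSTEM32' for the same file."""
    return path.strip().lower()


def in_system32(path):
    return "\\windows\\system32\\" in norm_path(path)


def find_suspicious(entries):
    """Heuristic (my assumption, not a HijackThis rule): a DLL under system32 is flagged when it
    is registered as a BHO with no name, or when more than one load mechanism points at it."""
    by_path = defaultdict(list)
    for entry in entries:
        by_path[norm_path(entry[3])].append(entry)
    findings = {}
    for path, group in by_path.items():
        sections = {sec for sec, _, _, _ in group}
        unnamed_bho = any(sec == "O2" and name == "(no name)" for sec, name, _, _ in group)
        if in_system32(path) and (unnamed_bho or len(sections) > 1):
            findings[path] = group
    return findings


def build_cfscript(findings):
    """Render a ComboFix CFScript in the File::/Registry:: shape used in this thread:
    each flagged DLL is listed once and every registry load point that referenced it is removed."""
    files, regs = [], []
    for _, group in sorted(findings.items()):
        files.append(group[0][3])  # keep the path exactly as HijackThis printed it
        for section, name, clsid, _ in group:
            if section == "O2":
                regs.append(f"[-{BHO_KEY}\\{clsid}]")
            elif section == "O20":
                regs.append(f"[-{WINLOGON_NOTIFY}\\{name}]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(regs) + "\n"


if __name__ == "__main__":
    found = find_suspicious(parse_hjt(SAMPLE_LOG))
    for path, group in found.items():
        print(f"{path}: loaded via {sorted({sec for sec, _, _, _ in group})}")
    print(build_cfscript(found))
```

On the sample, only byxwxur.dll is flagged; the unnamed Spybot SDHelper.dll is not, because it does not live under system32 and has a single load point.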

Post by Zeppelin » 16 Nov 2007 09:04

So: I'm attaching the HijackThis and VirusTotal logs, and I did the ComboFix thing; towards the end it said something like SAD or SED is not... I don't remember what any more, in any case two lines, and it was in a second window, so I pressed Enter and nothing happened, so I closed that window and after a while the computer restarted, and after it came back up the file I had created was no longer on the desktop. So hopefully I did everything right, but it didn't leave a log.

File IFinst27.exe received on 11.16.2007 08:30:11 (CET)
Result: 2/32 (6.25%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.16.0 2007.11.16 -
AntiVir 7.6.0.34 2007.11.15 -
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.15 -
AVG 7.5.0.503 2007.11.15 -
BitDefender 7.2 2007.11.16 -
CAT-QuickHeal 9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.16 -
DrWeb 4.44.0.09170 2007.11.16 -
eSafe 7.0.15.0 2007.11.14 suspicious Trojan/Worm
eTrust-Vet 31.2.5300 2007.11.16 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.16 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.16 -
F-Secure 6.70.13030.0 2007.11.16 -
Ikarus T3.1.1.12 2007.11.16 Trojan-Downloader.Win32.Banload.TN
Kaspersky 7.0.0.125 2007.11.16 -
McAfee 5164 2007.11.15 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 -
Norman 5.80.02 2007.11.15 -
Panda 9.0.0.4 2007.11.15 -
Prevx1 V2 2007.11.16 -
Rising 20.18.33.00 2007.11.16 -
Sophos 4.23.0 2007.11.16 -
Sunbelt 2.2.907.0 2007.11.16 -
Symantec 10 2007.11.16 -
TheHacker 6.2.9.130 2007.11.15 -
VBA32 3.12.2.5 2007.11.16 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.16 -
Additional information
File size: 65536 bytes
MD5: 9c17bca3ef837bacded7e4299508e71d
SHA1: 253c7e956ad6cb66e0e47e5d9a6a19d78e9c96e0
packers: UPX


*********************************************************************************


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:04, on 2007-11-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\oaDial\oaDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Total Commander\totalcmd\TOTALCMD.EXE
C:\Program Files\K-Meleon\k-meleon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\Program Files\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\byxwxur.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [OptimAccess Dial] C:\Program Files\oaDial\oaDial.exe /minimalize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D492DED1-C32D-4457-9AF5-00F5B99A4FD7}: NameServer = 78.136.129.20 78.136.130.132
O20 - Winlogon Notify: byxwxur - C:\WINDOWS\SYSTEM32\byxwxur.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Služba brány aplikačního rozhraní (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6308 bytes

Post by fredik (Security team member) » 16 Nov 2007 16:23

Please also paste the ComboFix log from after the script was used; you'll find it in the file C:\ComboFix*.txt (where in your case the * will most likely be the number 2).

If you can't find it there, run ComboFix again as you did the first time (just run the file ComboFix.exe) and post the log it shows you.

Post by Zeppelin » 16 Nov 2007 17:14

So it was there (the 2), but I have another problem: all the numbers on my computer are somehow odd, e.g. the amount of transferred data shows as 9,256,256 bytes (I didn't have those commas before), or the date when I hover the mouse over the clock shows 2007-11-16, whereas before it normally showed November, and finally, most importantly, the NOD32 updates don't work; it says it can't overwrite the existing version with the new one. I think it might be caused by ComboFix; it always says something like "changed your clock". Could that be it (at least the thing with the numbers)?

ComboFix 07-11-08.3 - Halford 2007-11-15 14:36:34.1 - NTFSx86
Running from: C:\Documents and Settings\Halford\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Halford\Data aplikací\inst.exe
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 14:45 <DIR> d-------- C:\WINDOWS\MSGAPS
2007-11-15 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 08:24 811,008 -r-hs---- C:\WINDOWS\system32\mmwyjx.exe
2007-11-15 07:22 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ZipGenius
2007-11-15 07:20 <DIR> d-------- C:\Program Files\ZipGenius 6
2007-11-13 19:48 35,840 --a------ C:\WINDOWS\system32\mljkhgh.dll
2007-11-13 19:43 35,840 --a------ C:\WINDOWS\system32\byxwxur.dll
2007-11-13 14:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-13 14:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-13 14:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-13 14:00 <DIR> dr-h----- C:\MSOCache
2007-11-10 14:44 <DIR> d-------- C:\Program Files\ICQLite
2007-11-10 14:44 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ICQLite
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-07 20:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-07 20:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-07 12:30 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-11-06 18:54 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\GetRightToGo
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infob.dat
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infoa.dat
2007-11-05 20:17 <DIR> d-------- C:\Program Files\Total Video Converter
2007-10-30 20:13 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-10-29 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
2007-10-28 10:21 <DIR> d-------- C:\Program Files\MakeitOne
2007-10-28 10:21 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 10:21 622 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.dat
2007-10-27 18:20 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-10-24 18:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-19 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2007-10-19 18:43 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-19 18:34 <DIR> d-------- C:\Program Files\MSBuild
2007-10-19 18:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-19 18:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-19 18:12 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-15 17:42 <DIR> d-------- C:\Program Files\Weather Watcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 12:57 --------- d-----w C:\Program Files\HiJackThis_v2
2007-11-15 07:25 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-15 07:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-14 17:25 --------- d-----w C:\Documents and Settings\Halford\Data aplikací\Free Download Manager
2007-11-13 10:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-11-08 10:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 16:59 --------- d-----w C:\Program Files\GetRight
2007-10-24 18:33 --------- d-----w C:\Program Files\Common Files\ReGet Shared
2007-10-14 13:40 --------- d-----w C:\Program Files\oaDial
2007-10-13 10:48 --------- d-----w C:\Program Files\DIFX
2007-10-05 07:49 --------- d-----w C:\Program Files\Ashampoo
2007-10-01 09:42 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-22 19:25 47,360 ----a-w C:\Documents and Settings\Halford\Data aplikací\pcouffin.sys
2007-09-21 17:37 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-24 19:30 74,000 ----a-w C:\Program Files\1462672.jpg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}]
2007-11-13 19:43 35840 --a------ C:\WINDOWS\system32\byxwxur.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-22 16:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 12:22]
"OptimAccess Dial"="C:\Program Files\oaDial\oaDial.exe" [2004-09-14 06:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 14:31]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2007-02-25 16:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1E794189-7575-4306-8F49-CCDD291A59CD}"= C:\WINDOWS\system32\byxwxur.dll [2007-11-13 19:43 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwxur]
byxwxur.dll 2007-11-13 19:43 35840 C:\WINDOWS\system32\byxwxur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=Mixer.exe /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

R3 Axtmvflt;Axesstel USB Filter Service;C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys
R3 Axtmvmdm;Axesstel USB Modem;C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys
R3 Axtmvprt;Axesstel Diagnostic Port;C:\WINDOWS\system32\Drivers\Axtmvprt.sys
S3 DrvFltIp;DrvFltIp;\??\C:\Documents and Settings\Halford\Local Settings\TEMP\DrvFltIp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{fh45ret4-w5ry-y45r-7u65-th76rt34t656}]
C:\WINDOWS\system32\server.exe s
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:15:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 14:45:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 14:49:07
.
--- E O F ---

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 16 Nov 2007 19:48

Go to Start -> Run... and type the command marked in blue, ComboFix /u, into the box (there must be a space between combofix and /u) and click OK.

Download and run T-cleaner

Download Avenger and run it under an administrator account.
Choose the option Input script manually and click the magnifying-glass icon; an empty window will pop up, into which copy this bold text:
Files to delete:
%windir%\system32\mmwyjx.exe
%windir%\system32\mljkhgh.dlll
%windir%\system32\byxwxur.dllbox
%windir%\system32\byxwxur.dll
%windir%\IFinst27.exe

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {1E794189-7575-4306-8F49-CCDD291A59CD}

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxwxur


Then click Done.
Then click the traffic-light icon.
A prompt will pop up; click Yes. The PC will restart, and after the restart the Avenger log should "pop up", so copy it here.

Download ComboFix again from the link and run it. Once it has finished, paste its log here.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

The IE icon on the desktop was restored/added back by ComboFix. The change in the display of number formats etc. in Windows was also done by ComboFix.

Note:
You are using an older version of HijackThis; download the current version here and delete the old one before using it.


Post by Zeppelin » 16 Nov 2007 20:27

All done, here it is. What do you think about those NOD updates?


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ksmgxcmr

*******************

Script file located at: \??\C:\WINDOWS\system32\mniqpscw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\mmwyjx.exe not found!
Deletion of file C:\WINDOWS\system32\mmwyjx.exe failed!

Could not process line:
C:\WINDOWS\system32\mmwyjx.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mljkhgh.dlll not found!
Deletion of file C:\WINDOWS\system32\mljkhgh.dlll failed!

Could not process line:
C:\WINDOWS\system32\mljkhgh.dlll
Status: 0xc0000034



File C:\WINDOWS\system32\byxwxur.dllbox not found!
Deletion of file C:\WINDOWS\system32\byxwxur.dllbox failed!

Could not process line:
C:\WINDOWS\system32\byxwxur.dllbox
Status: 0xc0000034

File C:\WINDOWS\system32\byxwxur.dll deleted successfully.
File C:\WINDOWS\IFinst27.exe deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{1E794189-7575-4306-8F49-CCDD291A59CD} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxwxur deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


*****************************************************************************************


ComboFix 07-11-08.3 - Halford 2007-11-16 20:13:05.3 - NTFSx86
Running from: C:\Documents and Settings\Halford\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-16 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 18:33 <DIR> d-------- C:\Program Files\Audio Record Expert
2007-11-16 15:44 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-16 15:42 <DIR> d-------- C:\WINDOWS\ShellNew
2007-11-15 07:22 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ZipGenius
2007-11-15 07:20 <DIR> d-------- C:\Program Files\ZipGenius 6
2007-11-13 14:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-13 14:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-13 14:00 <DIR> dr-h----- C:\MSOCache
2007-11-10 14:44 <DIR> d-------- C:\Program Files\ICQLite
2007-11-10 14:44 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ICQLite
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-07 20:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-07 20:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-07 12:30 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-11-06 18:54 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\GetRightToGo
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infob.dat
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infoa.dat
2007-11-05 20:17 <DIR> d-------- C:\Program Files\Total Video Converter
2007-10-29 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
2007-10-28 10:21 <DIR> d-------- C:\Program Files\MakeitOne
2007-10-28 10:21 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 10:21 622 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.dat
2007-10-27 18:20 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-10-24 18:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-19 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2007-10-19 18:43 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-19 18:34 <DIR> d-------- C:\Program Files\MSBuild
2007-10-19 18:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-19 18:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-19 18:12 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 18:49 --------- d-----w C:\Program Files\HiJackThis_v2
2007-11-16 16:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-16 09:25 --------- d-----w C:\Program Files\Weather Watcher
2007-11-15 07:25 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-14 17:25 --------- d-----w C:\Documents and Settings\Halford\Data aplikací\Free Download Manager
2007-11-13 10:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-11-08 10:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 16:59 --------- d-----w C:\Program Files\GetRight
2007-10-24 18:33 --------- d-----w C:\Program Files\Common Files\ReGet Shared
2007-10-14 13:40 --------- d-----w C:\Program Files\oaDial
2007-10-13 10:48 --------- d-----w C:\Program Files\DIFX
2007-10-05 07:49 --------- d-----w C:\Program Files\Ashampoo
2007-10-01 09:42 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-22 19:25 47,360 ----a-w C:\Documents and Settings\Halford\Data aplikací\pcouffin.sys
2007-09-21 17:37 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-24 19:30 74,000 ----a-w C:\Program Files\1462672.jpg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-22 16:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 12:22]
"OptimAccess Dial"="C:\Program Files\oaDial\oaDial.exe" [2004-09-14 06:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 14:31]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2007-02-25 16:40]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=Mixer.exe /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

R0 OADFILE;OADFILE;C:\WINDOWS\system32\drivers\OADFILE.SYS
R0 OADREG;OADREG;C:\WINDOWS\system32\drivers\OADREG.SYS
R1 tcpipBM;Bytemobile Kernel Network Provider;C:\WINDOWS\system32\drivers\tcpipBM.sys
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Axtmvflt;Axesstel USB Filter Service;C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys
R3 Axtmvmdm;Axesstel USB Modem;C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys
R3 Axtmvprt;Axesstel Diagnostic Port;C:\WINDOWS\system32\Drivers\Axtmvprt.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mt3d.sys
S3 DrvFltIp;DrvFltIp;\??\C:\Documents and Settings\Halford\Local Settings\TEMP\DrvFltIp
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{fh45ret4-w5ry-y45r-7u65-th76rt34t656}]
C:\WINDOWS\system32\server.exe s
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 16:15:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 20:18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 20:20:48
.
--- E O F ---


Post by Zeppelin » 16 Nov 2007 21:36

So the updates work now :D
But there is still something in there, isn't there? :-(


Post by fredik » 17 Nov 2007 12:17

Create a new CFScript and this time put this into it:

Code:

Folder::
C:\Avenger

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{fh45ret4-w5ry-y45r-7u65-th76rt34t656}]

Paste here the ComboFix log that appears after it finishes.
+
Post a new log from the new version of HJT here.


Post by Zeppelin » 17 Nov 2007 15:29

So here it is; what do I actually have on my computer?


ComboFix 07-11-08.3 - Halford 2007-11-17 15:03:22.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.36 [GMT 1:00]
Running from: C:\Documents and Settings\Halford\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Halford\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Avenger
C:\Avenger\backup.zip

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-16 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 18:33 <DIR> d-------- C:\Program Files\Audio Record Expert
2007-11-16 15:44 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-16 15:42 <DIR> d-------- C:\WINDOWS\ShellNew
2007-11-15 07:22 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ZipGenius
2007-11-15 07:20 <DIR> d-------- C:\Program Files\ZipGenius 6
2007-11-13 14:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-13 14:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-13 14:00 <DIR> dr-h----- C:\MSOCache
2007-11-10 14:44 <DIR> d-------- C:\Program Files\ICQLite
2007-11-10 14:44 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\ICQLite
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-07 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-07 20:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-07 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-07 20:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-07 12:30 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-11-06 18:54 <DIR> d-------- C:\Documents and Settings\Halford\Data aplikací\GetRightToGo
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infob.dat
2007-11-06 09:58 0 --a------ C:\WINDOWS\Infoa.dat
2007-11-05 20:17 <DIR> d-------- C:\Program Files\Total Video Converter
2007-10-29 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
2007-10-28 10:21 <DIR> d-------- C:\Program Files\MakeitOne
2007-10-28 10:21 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 10:21 622 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.dat
2007-10-27 18:20 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-10-24 18:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-19 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2007-10-19 18:43 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-19 18:34 <DIR> d-------- C:\Program Files\MSBuild
2007-10-19 18:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-19 18:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-19 18:12 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:59 --------- d-----w C:\Documents and Settings\Halford\Data aplikací\Free Download Manager
2007-11-17 13:53 --------- d-----w C:\Program Files\Weather Watcher
2007-11-17 08:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-16 18:49 --------- d-----w C:\Program Files\HiJackThis_v2
2007-11-15 07:25 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-13 10:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-11-08 10:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 16:59 --------- d-----w C:\Program Files\GetRight
2007-10-24 18:33 --------- d-----w C:\Program Files\Common Files\ReGet Shared
2007-10-14 13:40 --------- d-----w C:\Program Files\oaDial
2007-10-13 10:48 --------- d-----w C:\Program Files\DIFX
2007-10-05 07:49 --------- d-----w C:\Program Files\Ashampoo
2007-10-01 09:42 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-22 19:25 47,360 ----a-w C:\Documents and Settings\Halford\Data aplikací\pcouffin.sys
2007-09-21 17:37 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-24 19:30 74,000 ----a-w C:\Program Files\1462672.jpg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-22 16:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 12:22]
"OptimAccess Dial"="C:\Program Files\oaDial\oaDial.exe" [2004-09-14 06:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 14:31]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2007-02-25 16:40]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=Mixer.exe /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

R0 OADFILE;OADFILE;C:\WINDOWS\system32\drivers\OADFILE.SYS
R0 OADREG;OADREG;C:\WINDOWS\system32\drivers\OADREG.SYS
R1 tcpipBM;Bytemobile Kernel Network Provider;C:\WINDOWS\system32\drivers\tcpipBM.sys
R3 Axtmvflt;Axesstel USB Filter Service;C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys
R3 Axtmvmdm;Axesstel USB Modem;C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys
R3 Axtmvprt;Axesstel Diagnostic Port;C:\WINDOWS\system32\Drivers\Axtmvprt.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mt3d.sys
S3 DrvFltIp;DrvFltIp;\??\C:\Documents and Settings\Halford\Local Settings\TEMP\DrvFltIp
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 16:15:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 15:10:33
C:\ComboFix2.txt ... 2007-11-16 20:20
.
--- E O F ---



*****************************************************************************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:00, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\oaDial\oaDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Total Commander\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Documents and Settings\Halford\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [OptimAccess Dial] C:\Program Files\oaDial\oaDial.exe /minimalize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D492DED1-C32D-4457-9AF5-00F5B99A4FD7}: NameServer = 78.136.129.20 78.136.130.132
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6019 bytes

