prosim o kontrolu logu

[kubiscz]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:26, on 20.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\DOCUME~1\TOM~1\LOCALS~1\Temp\winlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
c:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\deviceemulator.exe,
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8} - C:\WINDOWS\system32\\msrdo20x23.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\TOM~1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: alcopt - C:\WINDOWS\SYSTEM32\alcopt.dll
O20 - Winlogon Notify: msdtc32 - msdtc32.dll (file missing)
O20 - Winlogon Notify: winfuq32 - winfuq32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5776 bytes

[Reklama]

[fredik]

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah.

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[kubiscz]

SDFix: Version 1.144

Run by Administrator on źt 21.02.2008 at 14:16

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services:

Name:
SysLibrary

Path:
\??\C:\WINDOWS\system32\DefLib.sys

SysLibrary - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Resetting SecurityProviders Value
Resetting AppInit_DLLs value


Rebooting...


Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\ALONQD~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\RMHKFI~1.BMP - Deleted
C:\24.TMP - Deleted
C:\25.TMP - Deleted
C:\Program Files\ISM\ISMUninstall.exe - Deleted
C:\Program Files\ISM\ISMData\images\Thumbs.db - Deleted
C:\WINDOWS\Casino.ico - Deleted
C:\WINDOWS\Free Online Dating.ico - Deleted
C:\WINDOWS\inf\ultra.inf - Deleted
C:\WINDOWS\Spyware Remover.ico - Deleted
C:\WINDOWS\system32\wowfx.dll - Deleted



Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Ultimate Defender - Removed
Folder C:\WINDOWS\PerfInfo - Removed


Removing Temp Files...

ADS Check:

[kubiscz]

ComboFix 08-02-21 - Tomáš 2008-02-21 14:29:08.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.267 [GMT 1:00]
Running from: C:\Documents and Settings\Tomáš\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tomáš\Data aplikací\ultra
C:\Documents and Settings\Tomáš\Data aplikací\ultra\uninstall.bat
C:\Program Files\ISM
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\system32\hrpdcf.bin
C:\WINDOWS\system32\kl80.bin
C:\WINDOWS\system32\msfeedswc.dll
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif

.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-21 14:24 . 2008-02-21 14:24 106,184 --a------ C:\WINDOWS\system32\root.pfx
2008-02-21 14:24 . 2008-02-21 14:24 81 --a------ C:\WINDOWS\system32\spc.pfx
2008-02-21 14:24 . 2008-02-21 14:24 81 --a------ C:\WINDOWS\system32\my.pfx
2008-02-21 14:14 . 2008-02-21 14:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-21 14:09 . 2008-02-21 14:23 <DIR> d-------- C:\SDFix
2008-02-20 20:17 . 2008-02-21 14:08 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-02-20 19:56 . 2008-02-20 19:56 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-20 19:19 . 2008-02-20 19:19 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-20 19:19 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-20 19:18 . 2008-02-20 19:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-20 19:11 . 2008-02-20 19:13 <DIR> d-------- C:\Temp\TuneUp Utilities 2008
2008-02-20 19:11 . 2008-02-20 19:11 <DIR> d-------- C:\Temp\OO Software
2008-02-20 17:11 . 2008-02-20 17:11 <DIR> d-------- C:\WINDOWS\system32\install_temp_318
2008-02-20 17:11 . 2008-02-20 17:11 22,441 --a------ C:\WINDOWS\system32\alcopt.dll
2008-02-20 17:11 . 2008-02-20 17:11 8,416 --a------ C:\WINDOWS\system32\alcop.sys
2008-02-19 19:28 . 2008-02-21 14:28 <DIR> d-------- C:\Downloads
2008-02-17 14:50 . 2008-02-17 14:50 <DIR> d-------- C:\Program Files\Atari
2008-02-17 13:38 . 2008-02-17 13:38 1,005,403 --a------ C:\vista wmp11.rar
2008-02-16 19:05 . 2007-06-01 13:51 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-02-16 19:05 . 2008-02-21 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-02-16 19:05 . 2008-02-16 19:08 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-02-13 12:53 . 2008-02-20 17:11 <DIR> d-------- C:\Program Files\ICQ6
2008-01-26 12:00 . 2008-02-21 14:26 57,081 --a------ C:\WINDOWS\system32\msdxexch.dll
2008-01-25 15:12 . 2008-02-20 18:41 <DIR> d-------- C:\Program Files\Skype
2008-01-25 15:12 . 2008-01-25 15:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-22 14:06 . 2008-01-22 14:06 70,838 --a------ C:\WINDOWS\system32\msrdo20x23.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 19:25 --------- d-----w C:\Program Files\Call of Duty
2008-02-20 18:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 16:00 --------- d-----w C:\Program Files\Valve
2008-02-16 18:09 --------- d-----w C:\Program Files\SPW-D
2008-02-16 18:08 --------- d-----w C:\Program Files\Cheat Engine
2008-01-17 13:44 --------- d-----w C:\Program Files\BitComet
2008-01-17 13:28 --------- d-----w C:\Program Files\AntiVirusPro
2008-01-17 13:12 --------- d-----w C:\Program Files\Lavasoft
2008-01-16 16:48 --------- d-----w C:\Program Files\Download Express
2008-01-14 13:34 --------- d-----w C:\Program Files\ESET
2008-01-11 20:30 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-11 17:58 --------- d-----w C:\Program Files\Ski Jumping
2008-01-05 08:53 --------- d-----w C:\Program Files\EA GAMES
2008-01-04 16:10 --------- d-----w C:\Program Files\RivaTuner v2.0 RC 16.1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8}]
2008-01-22 14:06 70838 --a------ C:\WINDOWS\system32\\msrdo20x23.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51 118784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-30 03:48 5898240]
"nwiz"="nwiz.exe" [2005-03-30 03:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-03-30 03:48 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-17 14:17 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-17 14:17 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\alcopt]
alcopt.dll 2008-02-20 17:11 22441 C:\WINDOWS\system32\alcopt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winfuq32]
winfuq32.dll

R1 alcop;alcop server;C:\WINDOWS\system32\alcop.sys [2008-02-20 17:11]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-20 19:19]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 18:21:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 14:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\alcopt.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-21 14:33:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 13:33:47

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

Driver::
alcop

Collect::
C:\WINDOWS\system32\alcopt.dll
C:\WINDOWS\system32\alcop.sys
C:\WINDOWS\system32\msrdo20x23.dll

Suspect::
C:\WINDOWS\system32\msdxexch.dll

File::
C:\WINDOWS\system32\root.pfx
C:\WINDOWS\system32\spc.pfx
C:\WINDOWS\system32\my.pfx
C:\WINDOWS\system32\ngxt.bin

Folder::
C:\SDFix
C:\WINDOWS\system32\install_temp_318
C:\Program Files\AntiVirusPro

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\alcopt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winfuq32]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Na ploše se ti vytvoří soubor Submit(Datum+Čas).zip, vlož ho jako přílohu ke svému dalšímu příspěvku.

********************************************************************************************************************
Vlož sem pak log z ComboFix po použití skriptu a nový log z HJT.

Btw. ten log z SDFix byl celý? Zkus ho sem vložit buď celý znovu nebo zbytek co je pod ADS Check:

[kubiscz]

ComboFix 08-02-21 - Tomáš 2008-02-23 16:29:11.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.257 [GMT 1:00]
Running from: C:\Documents and Settings\Tomáš\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tomáš\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\my.pfx
C:\WINDOWS\system32\ngxt.bin
C:\WINDOWS\system32\root.pfx
C:\WINDOWS\system32\spc.pfx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntiVirusPro
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\RegDACL.exe
C:\SDFix\apps\regedit.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\attrib.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\find.exe
C:\SDFix\backups\findstr.exe
C:\SDFix\backups\HOSTS
C:\SDFix\backups\regedit.exe
C:\SDFix\catchme.exe
C:\SDFix\dummy.exe
C:\SDFix\dummy.sys
C:\SDFix\FixSecurityProvider.reg
C:\SDFix\FixSecurityProvider2.reg
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\system32\alcop.sys
C:\WINDOWS\system32\install_temp_318
C:\WINDOWS\system32\msdxexch.dll
C:\WINDOWS\system32\msfeedswc.dll
C:\WINDOWS\system32\msrdo20x23.dll
C:\WINDOWS\system32\ngxt.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ALCOP
-------\alcop


((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 20:43 . 2005-09-03 23:48 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-02-22 20:43 . 2005-09-03 23:48 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-02-21 14:14 . 2008-02-21 14:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-20 19:56 . 2008-02-20 19:56 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-20 19:19 . 2008-02-20 19:19 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-20 19:19 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-20 19:18 . 2008-02-20 19:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-20 19:11 . 2008-02-20 19:13 <DIR> d-------- C:\Temp\TuneUp Utilities 2008
2008-02-20 19:11 . 2008-02-20 19:11 <DIR> d-------- C:\Temp\OO Software
2008-02-19 19:28 . 2008-02-22 20:43 <DIR> d-------- C:\Downloads
2008-02-17 14:50 . 2008-02-17 14:50 <DIR> d-------- C:\Program Files\Atari
2008-02-17 13:38 . 2008-02-17 13:38 1,005,403 --a------ C:\vista wmp11.rar
2008-02-16 19:05 . 2007-06-01 13:51 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-02-16 19:05 . 2008-02-21 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-02-16 19:05 . 2008-02-16 19:08 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-16 19:05 . 2007-06-01 15:44 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-02-13 12:53 . 2008-02-20 17:11 <DIR> d-------- C:\Program Files\ICQ6
2008-01-25 15:12 . 2008-02-20 18:41 <DIR> d-------- C:\Program Files\Skype
2008-01-25 15:12 . 2008-01-25 15:12 <DIR> d-------- C:\Program Files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 15:25 --------- d-----w C:\Program Files\Call of Duty
2008-02-22 19:43 --------- d-----w C:\Program Files\Cheat Engine
2008-02-20 18:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 16:00 --------- d-----w C:\Program Files\Valve
2008-02-16 18:09 --------- d-----w C:\Program Files\SPW-D
2008-01-17 13:44 --------- d-----w C:\Program Files\BitComet
2008-01-17 13:12 --------- d-----w C:\Program Files\Lavasoft
2008-01-16 16:48 --------- d-----w C:\Program Files\Download Express
2008-01-14 13:34 --------- d-----w C:\Program Files\ESET
2008-01-11 20:30 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-11 17:58 --------- d-----w C:\Program Files\Ski Jumping
2008-01-05 08:53 --------- d-----w C:\Program Files\EA GAMES
2008-01-04 16:10 --------- d-----w C:\Program Files\RivaTuner v2.0 RC 16.1
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51 118784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-30 03:48 5898240]
"nwiz"="nwiz.exe" [2005-03-30 03:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-03-30 03:48 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-17 14:17 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-17 14:17 219136]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 16:21:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 16:33:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-23 16:36:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 15:35:57
ComboFix2.txt 2008-02-21 13:33:50


ten soubor se neobjevil

[fredik]

Dej sem ještě nový log z HJT a případně ještě ten původní log z SDFix (stačí jen ta část co je pod tou položkou co jsem psal)