//Topic split. Next time please start your own topic, even if you have the same problem as the one being dealt with here
fredik
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:28, on 20.04.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rwzcjneb.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Diana\Application Data\U3\0000167C877458EA\LaunchPad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:9090 ftp=localhost:9093 https=localhost:9092
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {055BFCB0-D441-AF59-358F-0336FFD5BFC4} - C:\WINDOWS\system32\kiknlllq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Everest] "C:\Program Files\Free-Soft\Everest Dictionary\Everest.exe" startup
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [rwzcjneb] C:\WINDOWS\system32\rwzcjneb.exe
O4 - HKLM\..\Run: [dixanohm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dixanohm.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O20 - Winlogon Notify: winkjf32 - winkjf32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 8292 bytes
HELP - System Integrity Scan Wizard
fredik - Security team member - Master Level 7 - Posts: 4680 - Registered: July 06
Re: HELP - System Integrity Scan Wizard
Welcome to the forum
I would recommend uninstalling via Add or Remove Programs:
Aveo Attune
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me SZ/PM messages with logs; post them in the forum. It is not possible to reply to these PMs
Re: HELP - System Integrity Scan Wizard
ComboFix 08-04-20.5 - Diana 2008-04-21 19:29:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.50 [GMT 2:00]
Running from: C:\Documents and Settings\Diana\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Diana\Desktopblackbird.jpg
C:\Documents and Settings\Diana\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Diana\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Diana\Desktopfilemanagerclient.exe
C:\Documents and Settings\Diana\Desktopfkwp1.5.exe
C:\Documents and Settings\Diana\Desktopfkwp2.0.exe
C:\Documents and Settings\Diana\Desktopfwebd.exe
C:\Documents and Settings\Diana\DesktopFWebdEditor.exe
C:\Documents and Settings\Diana\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Diana\Desktopvirii
C:\Documents and Settings\Diana\ResErrors.log
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2802NetInstaller.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
-------\Legacy_NNSERV
-------\Service_NNServ
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.
2008-04-20 22:39 . 2008-04-20 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 17:27 . 2008-04-19 17:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-18 14:49 . 2008-04-18 14:55 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\Zoner
2008-04-18 14:47 . 2008-04-18 14:47 <DIR> d-------- C:\Program Files\Zoner
2008-04-18 10:23 . 2008-04-18 10:24 <DIR> d-------- C:\Program Files\MP3 Player Utilities 1.50
2008-04-18 10:22 . 2005-10-21 05:32 8,913 -ra------ C:\WINDOWS\fwupgrade.ini
2008-04-18 10:22 . 2004-05-12 04:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2008-04-17 21:56 . 2008-04-17 21:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-17 21:56 . 2008-04-21 19:29 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-17 20:41 . 2008-04-17 20:41 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-16 19:15 . 2008-04-20 19:16 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-16 19:15 . 2008-04-20 19:11 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\Spyware Terminator
2008-04-16 19:15 . 2008-04-20 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-16 19:15 . 2008-04-16 19:15 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-16 15:50 . 2008-04-16 15:50 <DIR> d--hs---- C:\AntiSpywareMaster
2008-04-16 15:49 . 2008-04-16 15:49 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\AntiSpywareMaster
2008-04-16 15:49 . 2008-04-16 15:49 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-16 15:48 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-16 15:48 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-16 15:33 . 2008-04-16 15:33 110,592 --a------ C:\WINDOWS\system32\kiknlllq.dll
2008-04-16 15:33 . 2008-04-16 15:33 110,592 --a------ C:\Documents and Settings\All Users\Application Data\dixanohm.dll
2008-04-16 15:32 . 2008-04-16 15:32 98,304 --a------ C:\WINDOWS\system32\rwzcjneb.exe
2008-04-14 14:39 . 2008-04-14 14:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 09:33 . 2008-04-16 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-10 10:13 . 2008-04-21 07:35 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\U3
2008-04-09 20:39 . 2008-04-09 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-09 20:38 . 2008-04-09 20:38 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-09 20:14 . 2008-04-09 20:22 <DIR> d-------- C:\Program Files\The KMPlayer
2008-04-09 20:09 . 2008-04-09 20:13 <DIR> d-------- C:\Program Files\AdvancedDVDPlayer
2008-04-09 20:09 . 2008-04-09 20:09 8,464 --a------ C:\WINDOWS\system32\sporder.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 17:42 --------- d-----w C:\Documents and Settings\Diana\Application Data\Skype
2008-04-19 15:35 --------- d-----w C:\Program Files\Netkom
2008-04-13 08:22 --------- d-----w C:\Program Files\FrameShow
2008-04-13 08:18 --------- d-----w C:\Program Files\CulinatiX
2008-04-09 18:39 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-09 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055BFCB0-D441-AF59-358F-0336FFD5BFC4}]
2008-04-16 15:33 110592 --a------ C:\WINDOWS\system32\kiknlllq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:41 13312]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-06-20 15:02 4538368]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 14:08 1511453]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 16:20 20058152]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 21:59 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 15:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 13:37 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 13:19 118784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Everest"="C:\Program Files\Free-Soft\Everest Dictionary\Everest.exe" [2003-06-12 03:27 329216]
"AttuneClientEngine"="C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe" [2000-07-24 23:47 356728]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"rwzcjneb"="C:\WINDOWS\system32\rwzcjneb.exe" [2008-04-16 15:32 98304]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-20 19:10 2957824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 05:41 13312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkjf32]
winkjf32.dll
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-04-16 19:15]
R3 ENE;ENE;C:\WINDOWS\System32\DRIVERS\EMCR7SK.sys [2003-02-12 01:12]
.
Contents of the 'Scheduled Tasks' folder
"2006-12-01 10:35:46 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 19:38:58
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-04-21 19:46:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 17:46:16
Pre-Run: 3,349,331,968 bytes free
Post-Run: 3,806,879,744 bytes free
199
Re: HELP - System Integrity Scan Wizard
Have a look, and if it is there, uninstall it via Add or Remove Programs:
AntiSpywareMaster
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
For this action you need to have downloaded and saved ComboFix to your desktop, which you currently have not done.
Open Notepad (Start -> Run... type Notepad into the box and click OK)
Copy the following entire text marked in green into it:
Note: Do not use the SELECT ALL function to highlight the script
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + vlož sem i nový log z HJT.
AntiSpywareMaster
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
For this step you need to have downloaded ComboFix and saved it to the desktop, which you currently have not done.
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the whole of the following text, marked in green, into it:
Note: do not use SELECT ALL to select the script
Code:
File::
C:\WINDOWS\system32\kiknlllq.dll
C:\Documents and Settings\All Users\Application Data\dixanohm.dll
C:\WINDOWS\system32\rwzcjneb.exe
Folder::
C:\AntiSpywareMaster
C:\Documents and Settings\Diana\Application Data\AntiSpywareMaster
C:\Documents and Settings\All Users\Application Data\SalesMon
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055BFCB0-D441-AF59-358F-0336FFD5BFC4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AttuneClientEngine"=-
"rwzcjneb"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkjf32]
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered
Re: HELP - System Integrity Scan Wizard
I already sent the HJT log before, if it is still the same, and here is the ComboFix log:
ComboFix 08-04-20.5 - Diana 2008-04-22 19:29:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.44 [GMT 2:00]
Running from: C:\Documents and Settings\Diana\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Diana\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\All Users\Application Data\dixanohm.dll
C:\WINDOWS\system32\kiknlllq.dll
C:\WINDOWS\system32\rwzcjneb.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\dixanohm.dll
C:\WINDOWS\system32\kiknlllq.dll
C:\WINDOWS\system32\rwzcjneb.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-20 22:39 . 2008-04-20 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 17:27 . 2008-04-19 17:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-18 14:49 . 2008-04-18 14:55 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\Zoner
2008-04-18 14:47 . 2008-04-18 14:47 <DIR> d-------- C:\Program Files\Zoner
2008-04-18 10:23 . 2008-04-18 10:24 <DIR> d-------- C:\Program Files\MP3 Player Utilities 1.50
2008-04-18 10:22 . 2005-10-21 05:32 8,913 -ra------ C:\WINDOWS\fwupgrade.ini
2008-04-18 10:22 . 2004-05-12 04:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2008-04-17 21:56 . 2008-04-17 21:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-17 21:56 . 2008-04-21 19:29 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-17 20:41 . 2008-04-17 20:41 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-16 19:15 . 2008-04-22 19:04 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-16 19:15 . 2008-04-22 19:05 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\Spyware Terminator
2008-04-16 19:15 . 2008-04-20 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-16 19:15 . 2008-04-16 19:15 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-16 15:50 . 2008-04-16 15:50 <DIR> d--hs---- C:\AntiSpywareMaster
2008-04-16 15:49 . 2008-04-16 15:49 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\AntiSpywareMaster
2008-04-16 15:49 . 2008-04-16 15:49 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-16 15:48 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-16 15:48 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-14 14:39 . 2008-04-14 14:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 09:33 . 2008-04-16 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-10 10:13 . 2008-04-21 07:35 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\U3
2008-04-09 20:39 . 2008-04-09 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-09 20:38 . 2008-04-09 20:38 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-09 20:14 . 2008-04-09 20:22 <DIR> d-------- C:\Program Files\The KMPlayer
2008-04-09 20:09 . 2008-04-09 20:13 <DIR> d-------- C:\Program Files\AdvancedDVDPlayer
2008-04-09 20:09 . 2008-04-09 20:09 8,464 --a------ C:\WINDOWS\system32\sporder.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 17:49 --------- d-----w C:\Documents and Settings\Diana\Application Data\Skype
2008-04-19 15:35 --------- d-----w C:\Program Files\Netkom
2008-04-13 08:22 --------- d-----w C:\Program Files\FrameShow
2008-04-13 08:18 --------- d-----w C:\Program Files\CulinatiX
2008-04-09 18:39 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-09 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
.
((((((((((((((((((((((((((((( snapshot@2008-04-21_19.45.46.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-21 17:37:55 524,288 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-21 22:05:02 606,208 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055BFCB0-D441-AF59-358F-0336FFD5BFC4}]
C:\WINDOWS\system32\kiknlllq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:41 13312]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-06-20 15:02 4538368]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 14:08 1511453]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 16:20 20058152]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 21:59 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 15:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 13:37 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 13:19 118784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Everest"="C:\Program Files\Free-Soft\Everest Dictionary\Everest.exe" [2003-06-12 03:27 329216]
"AttuneClientEngine"="C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe" [2000-07-24 23:47 356728]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"rwzcjneb"="C:\WINDOWS\system32\rwzcjneb.exe" [ ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-22 19:04 2957824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 05:41 13312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkjf32]
winkjf32.dll
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-04-16 19:15]
R3 ENE;ENE;C:\WINDOWS\System32\DRIVERS\EMCR7SK.sys [2003-02-12 01:12]
.
Contents of the 'Scheduled Tasks' folder
"2006-12-01 10:35:46 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:32:56
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
? [63932]
? [15240]
? [24204]
? [18804]
? [17284]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-22 19:36:23
ComboFix-quarantined-files.txt 2008-04-22 17:36:17
ComboFix2.txt 2008-04-21 17:46:34
Pre-Run: 3,858,522,112 bytes free
Post-Run: 3,850,354,688 bytes free
There's an awful lot in there, so I'd be curious how you make sense of it :-) and I hope I'm not bothering you too much. I don't know what to do about that spyware, it keeps popping up and pestering me... But thanks to those two little programs I can use Task Manager again, thanks for that. Oh, and if you could advise me what to tick in that HJT. Thanks a lot
- fredik
- Security team member
Re: HELP - System Integrity Scan Wizard
Before using ComboFix, turn off the resident shield in Spyware Terminator:
Start Spyware Terminator and click the Resident Shield icon at the top
- the program switches to the Resident Shield Settings window
- there, on the Shield Settings tab, untick the item: Activate Resident Shield
- click the button at the bottom: Save changes
- close the program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then create a new CFScript and use it in the same way as the previous one, except that this time put the following into it:
Code:
File::
C:\WINDOWS\system32\kiknlllq.dll
Folder::
C:\AntiSpywareMaster
C:\Documents and Settings\Diana\Application Data\AntiSpywareMaster
C:\Documents and Settings\All Users\Application Data\SalesMon
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055BFCB0-D441-AF59-358F-0336FFD5BFC4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AttuneClientEngine"=-
"rwzcjneb"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkjf32]
Then paste here the ComboFix log plus a new HJT log.
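Both of fredik's posts above hand the user a CFScript in the same format: a File:: section, a Folder:: section and a Registry:: section in REGEDIT4 style, where [-KEY] removes a whole key and "name"=- removes a single value. Because ComboFix acts on the script as soon as it is dropped onto ComboFix.exe, it is worth reading the list of actions before that happens. The following is an added example, not code from this thread, from fredik or from ComboFix itself: a Python dry-run reader that parses a script and lists what it would delete, warning about lines it cannot interpret and about Folder:: entries that cover a whole system area. The sample script is the one from the second post; the list of "too broad" folders is an assumption of this example, not something ComboFix defines.

```python
"""Dry-run reader for a ComboFix CFScript.txt.

Added example for this thread, not code from the forum post, the helper, or
ComboFix itself. It understands only the three directive sections used in the
thread (File::, Folder::, Registry::) and lists what the script would act on,
so the list can be checked before the script is dropped onto ComboFix.exe.
Nothing on disk or in the registry is touched.
"""
import re
from dataclasses import dataclass, field

# The script posted by the helper in this thread (copied from the post above).
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\kiknlllq.dll
Folder::
C:\AntiSpywareMaster
C:\Documents and Settings\Diana\Application Data\AntiSpywareMaster
C:\Documents and Settings\All Users\Application Data\SalesMon
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055BFCB0-D441-AF59-358F-0336FFD5BFC4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AttuneClientEngine"=-
"rwzcjneb"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkjf32]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")          # "[KEY]" or "[-KEY]" (delete key)
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')          # "name"=- deletes that value
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")              # absolute Windows path
# Folder targets far too broad for a cleanup script (assumption of this example:
# a reviewer wants these flagged; ComboFix is not consulted here).
TOO_BROAD = {"", "windows", r"windows\system32", "program files",
             "documents and settings"}


@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name)
    set_values: list = field(default_factory=list)      # (key, value name, data)
    warnings: list = field(default_factory=list)


def _check_path(plan, kind, path, lineno):
    """Flag relative paths and folder entries that would wipe a system area."""
    if not DRIVE_RE.match(path):
        plan.warnings.append(f"line {lineno}: {kind} path is not absolute: {path}")
        return
    if kind == "Folder" and path[3:].rstrip("\\").lower() in TOO_BROAD:
        plan.warnings.append(f"line {lineno}: Folder:: would remove a whole system area: {path}")


def parse_cfscript(text):
    """Return a Plan describing every action the script requests."""
    plan = Plan()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            if section not in ("File", "Folder", "Registry"):
                plan.warnings.append(f"line {lineno}: unknown section '{section}::'")
            continue
        if section == "File":
            _check_path(plan, "File", line, lineno)
            plan.files.append(line)
        elif section == "Folder":
            _check_path(plan, "Folder", line, lineno)
            plan.folders.append(line)
        elif section == "Registry":
            km = KEY_RE.match(line)
            vm = VALUE_RE.match(line)
            if km:
                minus, key = km.groups()
                current_key = key
                if minus:                      # "[-KEY]" removes the whole key
                    plan.delete_keys.append(key)
            elif vm and current_key is None:
                plan.warnings.append(f"line {lineno}: value line before any [key] header: {line}")
            elif vm:
                name, data = vm.groups()
                if data == "-":                # "name"=- removes only that value
                    plan.delete_values.append((current_key, name))
                else:
                    plan.set_values.append((current_key, name, data))
            else:
                plan.warnings.append(f"line {lineno}: unrecognised Registry:: line: {line}")
        else:
            plan.warnings.append(f"line {lineno}: data before any section header: {line}")
    return plan


def describe(plan):
    """Human-readable list of what the script would do, one action per entry."""
    out = [f"delete file   {p}" for p in plan.files]
    out += [f"delete folder {p}" for p in plan.folders]
    out += [f"delete key    {k}" for k in plan.delete_keys]
    out += [f'delete value  {k} -> "{n}"' for k, n in plan.delete_values]
    out += [f'set value     {k} -> "{n}"={d}' for k, n, d in plan.set_values]
    out += [f"WARNING: {w}" for w in plan.warnings]
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_cfscript(SAMPLE_SCRIPT))))
```

Run on the sample, the reader lists one file, three folders, two keys and two Run values to delete and raises no warning, which matches what the helper intended. Feed it a script with a value line before any [key] header or a Folder:: entry such as C:\ and the warnings show up before anything is handed to ComboFix.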