
Problem with winlogon
Hi, I'm new here and I don't know how this cleanup with HijackThis works. Please help me with it; I think I have a Trojan horse in winlogon.exe, at least AVG 8 reports that it is located there.
Should I also post the HijackThis log here?

- jaro3, Security team member
Re: Problem with winlogon
Post it here:
viewtopic.php?f=70&t=5119
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Problem with winlogon
The log? And should I turn off the internet, Opera and everything, and only then run HijackThis?
- jaro3, Security team member
Re: Problem with winlogon
Close all other applications and browsers, create the log according to the guide and post it here.
Re: Problem with winlogon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:19, on 24.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1993962763-1592454029-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Kika')
O4 - HKUS\S-1-5-21-1993962763-1592454029-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kika')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5841 bytes
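Added example, not from the thread and not part of HijackThis: a small Python parser for the HijackThis entry types that matter for the question asked here (O20 Winlogon Notify DLLs, O4 Run values, O23 services and the COM-style R3/O2/O3 entries) with the three checks a reviewer of such a log does by eye: list the DLLs winlogon.exe loads through Winlogon\Notify, find entries HijackThis marks as "(no file)", and flag programs given as a bare file name or located outside Windows / Program Files. The sample input is a handful of lines copied from the log above; the trusted-root list and the "bare name" heuristic are my own assumptions, and a hit is a review item rather than a verdict (the two bare names in this log, NvCplDaemon and RTHDCPL, are the NVIDIA and Realtek driver tray entries).

```python
import re
from typing import Dict, List

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# R3/O2/O3/O9/O18 style: "Kind: name - {CLSID} - path"; HJT prints "name - - path" when the CLSID is empty
COM_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - (?:(?P<clsid>\{[0-9A-Fa-f-]+\}) )?- (?P<path>.*)$")
# O4: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O20: "Winlogon Notify: subkey - dll"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# O23: "Service: display name - owner - image path"
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Assumption for the heuristic below: programs are expected under these roots.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def executable_from_command(cmd: str) -> str:
    """Program part of a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt_line(line: str) -> Dict[str, str]:
    """Parse one HijackThis entry into section / kind / name / path ({} if not an entry)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return {}
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "raw": line.strip()}
    if section == "O4" and (r := RUN_RE.match(body)):
        entry.update(kind="Run", hive=r.group("hive"), name=r.group("name"),
                     path=executable_from_command(r.group("cmd")))
    elif section == "O20" and (n := NOTIFY_RE.match(body)):
        entry.update(kind="Winlogon Notify", name=n.group("name"), path=n.group("path"))
    elif section == "O23" and (s := SERVICE_RE.match(body)):
        entry.update(kind="Service", name=s.group("name"), owner=s.group("owner"), path=s.group("path"))
    elif (c := COM_RE.match(body)):
        entry.update(kind=c.group("kind"), name=c.group("name"),
                     clsid=c.group("clsid") or "", path=c.group("path"))
    else:
        entry.update(kind="other", name="", path=body)
    return entry


def parse_hjt_log(text: str) -> List[Dict[str, str]]:
    return [e for line in text.splitlines() if (e := parse_hjt_line(line))]


def winlogon_notify_entries(entries):
    """The DLLs winlogon.exe loads through Winlogon\\Notify (HJT section O20)."""
    return [e for e in entries if e["kind"] == "Winlogon Notify"]


def orphan_entries(entries):
    """Entries whose target no longer exists; HJT prints '(no file)'."""
    return [e for e in entries if "(no file)" in e["path"]]


def review_candidates(entries):
    """Run / Notify / Service programs given as a bare file name (resolved through
    the search path at run time) or located outside TRUSTED_PREFIXES.
    A hit is a review item, not a verdict."""
    hits = []
    for e in entries:
        if e["kind"] not in ("Run", "Winlogon Notify", "Service"):
            continue
        p = e["path"].lower()
        if "\\" not in p or not p.startswith(TRUSTED_PREFIXES):
            hits.append(e)
    return hits


if __name__ == "__main__":
    entries = parse_hjt_log(SAMPLE_HJT_LOG)
    for e in winlogon_notify_entries(entries):
        print("Winlogon Notify:", e["name"], "->", e["path"])
    for e in orphan_entries(entries):
        print("orphan:", e["raw"])
    for e in review_candidates(entries):
        print("review:", e["section"], e["name"], "->", e["path"])
```

Run against the full log, the O20 check answers the original question directly: the only Winlogon Notify DLL is avgrsstx.dll in system32, which the O23 and ComboFix driver lists attribute to AVG 8.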
- jaro3, Security team member
Re: Problem with winlogon
Turn off AVG's resident protection.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the on-screen instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole content here
Re: Problem with winlogon
ComboFix 09-02-24.01 - Peter 2009-02-24 20:37:17.1 - NTFSx86
System Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1543 [GMT 1:00]
Running from: c:\documents and settings\Peter.HOME\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\Peter.HOME\Application Data\inst.exe
C:\resycled
.
((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.
2009-02-24 18:11 . 2009-02-24 18:11 <DIR> d-------- c:\program files\Opera
2009-02-24 16:48 . 2009-02-24 16:48 <DIR> d-------- c:\program files\Trend Micro
2009-02-24 15:20 . 2009-02-24 16:56 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-02-21 22:03 . 2009-02-21 22:03 <DIR> d-------- c:\documents and settings\Kika\Application Data\AdobeUM
2009-02-21 19:07 . 2009-02-21 19:07 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2009-02-17 16:58 . 2009-02-17 16:59 <DIR> d-------- c:\program files\Valve
2009-02-16 00:13 . 1998-09-02 09:02 194,320 --a------ c:\windows\system32\qcut.dll
2009-02-16 00:13 . 1998-08-27 05:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2009-02-16 00:13 . 1998-08-20 12:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-02-16 00:13 . 1998-09-02 09:28 80,896 --a------ c:\windows\system32\unam4ie.exe
2009-02-16 00:13 . 1998-09-02 09:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2009-02-16 00:13 . 1998-08-17 10:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2009-02-16 00:13 . 1998-08-17 10:21 10,240 --a------ c:\windows\system32\vidx16.dll
2009-02-16 00:13 . 1998-08-17 10:21 5,672 --a------ c:\windows\system32\quartz.vxd
2009-02-16 00:13 . 2009-02-16 00:13 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-02-16 00:13 . 2009-02-16 00:13 2,272 --a------ c:\windows\system32\w95inf16.dll
2009-02-15 19:34 . 2009-02-15 19:34 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Image Zone Express
2009-02-11 18:47 . 2009-02-11 18:47 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\AdobeUM
2009-02-11 18:45 . 2009-02-11 18:45 <DIR> d-------- c:\windows\Cache
2009-02-10 17:46 . 2009-02-10 17:46 <DIR> d-------- c:\program files\Tools
2009-02-10 16:32 . 2009-02-24 16:56 <DIR> d-------- c:\program files\Live For Speed S2
2009-02-09 18:17 . 2009-02-24 15:23 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-09 18:15 . 2009-02-24 16:56 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-09 18:15 . 2009-02-09 18:16 <DIR> d-------- C:\8816270abdebc60577
2009-02-08 14:36 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-08 14:36 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-08 14:35 . 2009-02-08 14:35 <DIR> d-------- c:\program files\Logitech
2009-02-08 14:35 . 2009-02-08 14:35 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-08 14:35 . 2005-04-12 19:09 159,744 --a------ c:\windows\system32\WmJoyFrc.dll
2009-02-08 14:35 . 2005-04-12 19:21 45,504 --a------ c:\windows\system32\drivers\WmXlCore.sys
2009-02-08 14:35 . 2005-04-12 19:21 22,240 --a------ c:\windows\system32\drivers\WmFilter.sys
2009-02-08 14:35 . 2005-04-12 19:21 17,632 --a------ c:\windows\system32\drivers\WmHidLo.sys
2009-02-08 14:35 . 2005-04-12 19:21 10,144 --a------ c:\windows\system32\drivers\WmBEnum.sys
2009-02-08 14:35 . 2005-04-12 19:21 5,600 --a------ c:\windows\system32\drivers\WmVirHid.sys
2009-02-07 14:47 . 2009-02-07 14:47 <DIR> d-------- c:\documents and settings\Kika\Application Data\360desktop
2009-02-07 11:51 . 2009-02-24 16:56 <DIR> d-------- c:\program files\CDex_150
2009-02-06 21:01 . 2009-02-07 08:55 <DIR> d-------- c:\program files\360desktop
2009-02-06 21:01 . 2009-02-06 21:01 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\360desktop
2009-02-06 21:01 . 2009-02-06 21:01 426 --a------ c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2009-02-03 19:04 . 2006-03-13 15:50 87,824 -ra------ c:\windows\system32\drivers\w300mgmt.sys
2009-02-03 19:04 . 2006-03-13 15:50 85,696 -ra------ c:\windows\system32\drivers\w300obex.sys
2009-02-03 18:54 . 2009-02-03 19:50 <DIR> d-------- c:\program files\Disc2Phone
2009-02-03 18:50 . 2009-02-19 20:34 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-03 18:49 . 2009-02-03 18:49 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-03 18:49 . 2009-02-03 18:49 1,409 --a------ c:\windows\QTFont.for
2009-02-03 18:48 . 2006-03-13 15:50 96,352 -ra------ c:\windows\system32\drivers\w300mdm.sys
2009-02-03 18:48 . 2006-03-13 15:49 60,800 -ra------ c:\windows\system32\drivers\w300bus.sys
2009-02-03 18:48 . 2006-03-13 15:50 9,264 -ra------ c:\windows\system32\drivers\w300mdfl.sys
2009-02-03 18:48 . 2006-03-13 15:49 6,208 -ra------ c:\windows\system32\drivers\w300cmnt.sys
2009-02-03 18:48 . 2006-03-13 15:49 6,208 -ra------ c:\windows\system32\drivers\w300cm.sys
2009-02-03 18:48 . 2006-03-13 15:50 5,840 -ra------ c:\windows\system32\drivers\w300whnt.sys
2009-02-03 18:48 . 2006-03-13 15:50 5,840 -ra------ c:\windows\system32\drivers\w300wh.sys
2009-02-03 18:45 . 2009-02-03 18:45 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Teleca
2009-02-03 18:44 . 2009-02-03 18:44 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Sony Ericsson
2009-02-01 13:28 . 2009-02-08 14:03 <DIR> d-------- c:\documents and settings\Kika\Application Data\ICQ
2009-02-01 12:49 . 2009-02-01 13:00 <DIR> d-------- c:\program files\VirtualDJ
2009-02-01 10:18 . 2009-02-24 19:57 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\skypePM
2009-02-01 10:18 . 2009-02-01 10:18 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-01 10:17 . 2009-02-01 10:17 <DIR> d-------- c:\program files\Skype
2009-02-01 10:17 . 2009-02-01 10:17 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-01 10:17 . 2009-02-24 20:22 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Skype
2009-02-01 10:16 . 2009-02-01 10:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-02-01 10:14 . 2009-02-01 10:14 <DIR> d-------- c:\program files\ICQ6.5
2009-02-01 10:14 . 2009-02-01 10:14 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\ICQ
2009-02-01 10:14 . 2009-02-01 10:14 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ICQ
2009-01-30 15:06 . 2009-02-20 09:35 <DIR> d-------- c:\program files\Fraps
2009-01-30 15:06 . 2009-02-20 09:36 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-30 13:29 . 2009-01-31 17:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NFS Underground
2009-01-27 09:00 . 2009-01-27 09:00 <DIR> d-------- c:\program files\DVD X Studios
2009-01-26 17:44 . 2009-01-26 17:44 <DIR> d-------- c:\program files\Gamepitstop.ru
2009-01-26 16:48 . 2009-01-26 16:48 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-25 14:18 . 2009-02-24 19:44 <DIR> d-------- c:\program files\EA GAMES
2009-01-25 14:18 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-24 17:13 . 2001-11-19 11:26 1,984 --a------ c:\windows\system32\drivers\papycpu2.sys
2009-01-24 17:13 . 2001-11-19 11:26 1,856 --a------ c:\windows\system32\drivers\papyjoy.sys
2009-01-24 17:13 . 2009-01-24 17:38 131 --a------ c:\windows\SIERRA.INI
2009-01-24 17:12 . 2009-01-24 17:12 <DIR> d-------- c:\documents and settings\PETER~1~HOM\LOCALS~1
2009-01-24 17:12 . 2009-01-24 17:12 <DIR> d-------- c:\documents and settings\PETER~1~HOM
2009-01-24 17:12 . 2009-01-24 17:12 <DIR> d-------- c:\documents and settings\Peter.HOME\WINDOWS
2009-01-24 16:56 . 2009-01-24 16:56 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Apple Computer
2009-01-24 16:56 . 2009-01-24 16:56 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-01-24 16:45 . 2009-01-24 16:45 3,932,214 --a------ c:\windows\BricoPack Wallpaper.bmp
2009-01-24 16:44 . 2009-01-24 16:51 <DIR> d-------- c:\windows\Packs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 18:20 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-02-20 13:38 18,304 ----a-w c:\documents and settings\Kika\Application Data\GDIPFONTCACHEV1.DAT
2009-02-11 14:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 15:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 14:24 --------- d-----w c:\documents and settings\Kika\Application Data\AVGTOOLBAR
2009-02-06 20:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-01 10:00 --------- d-----w c:\program files\ICQ6Toolbar
2009-01-28 17:35 --------- d-----w c:\program files\Team17
2009-01-28 07:53 --------- d-----w c:\program files\DVDFab 5
2009-01-24 19:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\QuickTime
2009-01-22 16:34 --------- d-----w c:\program files\GRETECH
2009-01-22 16:34 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\GRETECH
2009-01-22 16:34 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\GRETECH
2009-01-22 14:07 203,592 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-22 14:07 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 13:45 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-21 19:39 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Leadertech
2009-01-18 15:02 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-17 13:29 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-17 13:29 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-17 13:29 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-17 13:29 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-17 13:28 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-01-17 13:01 --------- d--h--r c:\documents and settings\Kika\Application Data\Chromeflower
2009-01-17 13:01 --------- d--h--r c:\documents and settings\Kika\Application Data\CrystalSpace
2009-01-17 11:06 --------- d-----w c:\documents and settings\Kika\Application Data\GRETECH
2009-01-17 09:36 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-17 09:36 47,360 ----a-w c:\documents and settings\Peter.HOME\Application Data\pcouffin.sys
2009-01-17 09:36 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Vso
2009-01-17 09:05 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\InstallShield
2009-01-17 09:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-01-16 20:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Trymedia
2009-01-16 20:40 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\HP
2009-01-16 20:40 --------- d-----w c:\documents and settings\Kika\Application Data\HP
2009-01-16 19:58 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Mp3tag
2009-01-16 19:49 --------- d-----w c:\program files\Mp3tag
2009-01-16 19:48 --------- d-----w c:\program files\DiskCheckerXP
2009-01-16 19:48 --------- d-----w c:\program files\CrystalCPUID
2009-01-16 19:46 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\AVGTOOLBAR
2009-01-16 18:48 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\HP
2009-01-16 18:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-01-15 20:33 --------- d-----w c:\program files\AVG
2009-01-15 20:25 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-01-15 20:20 --------- d-----w c:\program files\Bonjour
2009-01-15 20:19 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 20:16 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-15 16:43 --------- d-----w c:\program files\Beneton Movie GIF 1.1
2009-01-15 15:33 --------- d-----w c:\program files\ASUS
2009-01-15 13:37 757,760 ----a-w c:\windows\iun6002.exe
2009-01-14 13:59 --------- d-----w c:\program files\CCleaner
2009-01-13 15:40 --------- d-----w c:\program files\DIFX
2009-01-12 14:09 --------- d-----w c:\program files\CyberLink
2009-01-12 14:09 --------- d-----w c:\program files\Common Files\Ahead
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
.
------- Sigcheck -------
2004-08-03 23:56 1049088 69cf4e2935a818e70da6640e927a6b37 c:\windows\explorer.exe
2004-08-03 23:56 2727424 92ac55e1136dc2f2fa5b53aad55e2d98 c:\windows\system32\dllcache\explorer.exe
2004-08-03 23:56 32768 26752358bc1b5912c4de5c64f508bfaa c:\windows\system32\ctfmon.exe
2004-08-03 23:56 32768 68689e891bc6122330ac09aaec30f26b c:\windows\system32\dllcache\ctfmon.exe
2004-08-03 23:56 41984 82b95e1c1e8b0695fd3506c958f2a747 c:\windows\system32\userinit.exe
2004-08-03 23:56 41472 8b5aa7d00619ea8f4efbe6704f49bf7d c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 32768]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-12-17 172792]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 401408]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-17 1601304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 69632]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 32768]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-17 14:29 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\Peter.HOME\\My Documents\\downloads\\lfs\\MOMOLEDS11\\LFSmomoLeds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-15 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-17 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-17 298264]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-09 222456]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2009-02-03 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2009-02-03 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a337a56c-f2b9-11dd-8b21-00196678a68d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13cc7e4-eef1-11dd-8b11-00196678a68d}]
\Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9937d0-f055-11dd-8b18-00196678a68d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-360desktop - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 20:38:41
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-02-24 20:39:29
ComboFix-quarantined-files.txt 2009-02-24 19:39:26
Pre-Run: 285 919 805 440 bytes free
Post-Run: 14 adresárov, 285,961,629,696 voľných bajtov
269
Re: problem with winlogon
How are you getting on?? I have to leave now, we'll finish it tomorrow, ok??
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: problem with winlogon
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text, highlighted in green, into it:
Note: do not use the SELECT ALL function to select the script
File::
c:\windows\iun6002.exe
e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a337a56c-f2b9-11dd-8b21-00196678a68d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13cc7e4-eef1-11dd-8b11-00196678a68d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9937d0-f055-11dd-8b18-00196678a68d}]
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt script you created with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Test this on VirusTotal
C:\Windows\System32\winlogon.exe
If it shows 0 bytes:
Start -> Run -> type: notepad. Paste this entire text into it:
rem list every winlogon.exe on the drive, hidden and system files included
dir \winlogon.exe /a /s > File.txt
save it to the desktop as: find.bat (All Files)
Find it on the desktop, double-click it and wait until the window closes and File.txt appears.
Then post the entire text of that file here.
yep, tomorrow then...
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
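As an added example (not code from the thread, from the helper or from ComboFix), the triage step behind the CFScript above: a Python script that pulls the MountPoints2 AutoRun commands out of a ComboFix log, says why each launched target looks like a USB-worm drop, and emits the same `Registry::` / `File::` lines the helper wrote for the three volume keys. The sample lines are copied from the log in this thread; the heuristics (a system-binary name outside system32, a recycle-bin or restore folder, a relative path) are this example's own assumptions, and the `c:\windows\iun6002.exe` entry came from the helper's reading of the Find3M section and is not derived here.

```python
"""Triage the MountPoints2 (per-volume AutoRun) section of a ComboFix log.

Windows keeps a MountPoints2 subkey for every removable volume it has seen.
When an autorun.inf from an infected stick has been honoured, the AutoRun and
open command values under that key keep pointing at the worm's executable long
after the stick is gone.  This script lists those commands, says why each
target looks wrong, and emits the CFScript lines (Registry:: / File::) that
would remove the keys and the reachable file.  The heuristics are the
example's own assumptions, not ComboFix logic.
"""
import re

# Constructed sample: the mountpoints2 block copied from the thread's ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a337a56c-f2b9-11dd-8b21-00196678a68d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13cc7e4-eef1-11dd-8b11-00196678a68d}]
\Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9937d0-f055-11dd-8b18-00196678a68d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
- - - - ORPHANS REMOVED - - - -
"""

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\([A-Za-z]+(?:\(\d+\))?)\\command - (.+)$", re.IGNORECASE)
ABS_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
RUNDLL_MARK = "shellexec_rundll "

# Names of Windows binaries that worms like to borrow; the real ones live in system32.
SYSTEM_BINARIES = {"ctfmon.exe", "explorer.exe", "userinit.exe", "svchost.exe"}
# Folders on a removable volume where an autorun payload is typically parked.
DROP_DIRS = {"recycled", "recycler", "restore", "system volume information"}


def parse_mountpoints(log_text):
    """Return one dict per MountPoints2 key: {'key': ..., 'commands': {verb: command}}."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "commands": {}}
            entries.append(current)
            continue
        if line.startswith("["):        # some other registry key: stop attaching commands
            current = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"][cmd.group(1)] = cmd.group(2)
    return entries


def target_path(command):
    """Unwrap 'rundll32 shell32,ShellExec_RunDLL <path>' and return the path really launched."""
    idx = command.lower().find(RUNDLL_MARK)
    return command[idx + len(RUNDLL_MARK):].strip() if idx != -1 else command.strip()


def why_suspicious(path):
    """Reason string if the launched path looks like an autorun worm drop, else None."""
    parts = [p for p in re.split(r"[\\/]", path.lower()) if p]
    name = parts[-1] if parts else ""
    if name in SYSTEM_BINARIES and "system32" not in parts:
        return "system binary name outside system32"
    if DROP_DIRS.intersection(parts):
        return "launched from a recycle-bin or restore folder"
    if not ABS_RE.match(path):
        return "relative path resolved from the volume root"
    return None


def triage(log_text):
    """List (key, verb, target, reason) for every command that fails a heuristic."""
    findings = []
    for entry in parse_mountpoints(log_text):
        for verb, command in entry["commands"].items():
            target = target_path(command)
            reason = why_suspicious(target)
            if reason:
                findings.append((entry["key"], verb, target, reason))
    return findings


def build_cfscript(log_text):
    """CFScript text: File:: for absolute drop paths, Registry:: to delete the flagged keys.

    Relative targets such as Recycled\\ctfmon.exe are left out of File:: because
    their drive letter is unknown; the registry key is still removed.
    """
    files, keys = [], []
    for key, _verb, target, _reason in triage(log_text):
        if "[-" + key + "]" not in keys:
            keys.append("[-" + key + "]")
        if ABS_RE.match(target) and target not in files:
            files.append(target)
    lines = []
    if files:
        lines += ["File::"] + files
    if keys:
        lines += ["Registry::"] + keys
    return "\n".join(lines)


if __name__ == "__main__":
    for key, verb, target, reason in triage(SAMPLE_LOG):
        guid = key.rsplit("\\", 1)[-1]
        print(f"{guid} {verb}: {target}  <- {reason}")
    print()
    print(build_cfscript(SAMPLE_LOG))
```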
Re: problem with winlogon
here is the one from ComboFix
ComboFix 09-02-24.01 - Peter 2009-02-25 14:47:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1579 [GMT 1:00]
Running from: c:\documents and settings\Peter.HOME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Peter.HOME\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\iun6002.exe
e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\iun6002.exe
.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.
2009-02-24 18:11 . 2009-02-24 18:11 <DIR> d-------- c:\program files\Opera
2009-02-24 16:48 . 2009-02-24 16:48 <DIR> d-------- c:\program files\Trend Micro
2009-02-24 15:20 . 2009-02-24 21:03 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-02-21 22:03 . 2009-02-21 22:03 <DIR> d-------- c:\documents and settings\Kika\Application Data\AdobeUM
2009-02-21 19:07 . 2009-02-21 19:07 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2009-02-17 16:58 . 2009-02-17 16:59 <DIR> d-------- c:\program files\Valve
2009-02-16 00:13 . 1998-09-02 09:02 194,320 --a------ c:\windows\system32\qcut.dll
2009-02-16 00:13 . 1998-08-27 05:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2009-02-16 00:13 . 1998-08-20 12:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-02-16 00:13 . 1998-09-02 09:28 80,896 --a------ c:\windows\system32\unam4ie.exe
2009-02-16 00:13 . 1998-09-02 09:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2009-02-16 00:13 . 1998-08-17 10:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2009-02-16 00:13 . 1998-08-17 10:21 10,240 --a------ c:\windows\system32\vidx16.dll
2009-02-16 00:13 . 1998-08-17 10:21 5,672 --a------ c:\windows\system32\quartz.vxd
2009-02-16 00:13 . 2009-02-16 00:13 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-02-16 00:13 . 2009-02-16 00:13 2,272 --a------ c:\windows\system32\w95inf16.dll
2009-02-15 19:34 . 2009-02-15 19:34 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Image Zone Express
2009-02-11 18:47 . 2009-02-11 18:47 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\AdobeUM
2009-02-11 18:45 . 2009-02-11 18:45 <DIR> d-------- c:\windows\Cache
2009-02-10 17:46 . 2009-02-10 17:46 <DIR> d-------- c:\program files\Tools
2009-02-10 16:32 . 2009-02-24 16:56 <DIR> d-------- c:\program files\Live For Speed S2
2009-02-09 18:17 . 2009-02-24 15:23 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-09 18:15 . 2009-02-24 16:56 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-09 18:15 . 2009-02-09 18:16 <DIR> d-------- C:\8816270abdebc60577
2009-02-08 14:36 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-08 14:36 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-08 14:35 . 2009-02-08 14:35 <DIR> d-------- c:\program files\Logitech
2009-02-08 14:35 . 2009-02-08 14:35 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-08 14:35 . 2005-04-12 19:09 159,744 --a------ c:\windows\system32\WmJoyFrc.dll
2009-02-08 14:35 . 2005-04-12 19:21 45,504 --a------ c:\windows\system32\drivers\WmXlCore.sys
2009-02-08 14:35 . 2005-04-12 19:21 22,240 --a------ c:\windows\system32\drivers\WmFilter.sys
2009-02-08 14:35 . 2005-04-12 19:21 17,632 --a------ c:\windows\system32\drivers\WmHidLo.sys
2009-02-08 14:35 . 2005-04-12 19:21 10,144 --a------ c:\windows\system32\drivers\WmBEnum.sys
2009-02-08 14:35 . 2005-04-12 19:21 5,600 --a------ c:\windows\system32\drivers\WmVirHid.sys
2009-02-07 14:47 . 2009-02-07 14:47 <DIR> d-------- c:\documents and settings\Kika\Application Data\360desktop
2009-02-07 11:51 . 2009-02-24 16:56 <DIR> d-------- c:\program files\CDex_150
2009-02-06 21:01 . 2009-02-07 08:55 <DIR> d-------- c:\program files\360desktop
2009-02-06 21:01 . 2009-02-06 21:01 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\360desktop
2009-02-06 21:01 . 2009-02-06 21:01 426 --a------ c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2009-02-03 19:04 . 2006-03-13 15:50 87,824 -ra------ c:\windows\system32\drivers\w300mgmt.sys
2009-02-03 19:04 . 2006-03-13 15:50 85,696 -ra------ c:\windows\system32\drivers\w300obex.sys
2009-02-03 18:54 . 2009-02-03 19:50 <DIR> d-------- c:\program files\Disc2Phone
2009-02-03 18:50 . 2009-02-19 20:34 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-03 18:49 . 2009-02-03 18:49 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-03 18:49 . 2009-02-03 18:49 1,409 --a------ c:\windows\QTFont.for
2009-02-03 18:48 . 2006-03-13 15:50 96,352 -ra------ c:\windows\system32\drivers\w300mdm.sys
2009-02-03 18:48 . 2006-03-13 15:49 60,800 -ra------ c:\windows\system32\drivers\w300bus.sys
2009-02-03 18:48 . 2006-03-13 15:50 9,264 -ra------ c:\windows\system32\drivers\w300mdfl.sys
2009-02-03 18:48 . 2006-03-13 15:49 6,208 -ra------ c:\windows\system32\drivers\w300cmnt.sys
2009-02-03 18:48 . 2006-03-13 15:49 6,208 -ra------ c:\windows\system32\drivers\w300cm.sys
2009-02-03 18:48 . 2006-03-13 15:50 5,840 -ra------ c:\windows\system32\drivers\w300whnt.sys
2009-02-03 18:48 . 2006-03-13 15:50 5,840 -ra------ c:\windows\system32\drivers\w300wh.sys
2009-02-03 18:45 . 2009-02-03 18:45 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Teleca
2009-02-03 18:44 . 2009-02-03 18:44 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Sony Ericsson
2009-02-01 13:28 . 2009-02-08 14:03 <DIR> d-------- c:\documents and settings\Kika\Application Data\ICQ
2009-02-01 12:49 . 2009-02-01 13:00 <DIR> d-------- c:\program files\VirtualDJ
2009-02-01 10:18 . 2009-02-25 14:35 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\skypePM
2009-02-01 10:18 . 2009-02-01 10:18 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-01 10:17 . 2009-02-01 10:17 <DIR> d-------- c:\program files\Skype
2009-02-01 10:17 . 2009-02-01 10:17 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-01 10:17 . 2009-02-25 14:45 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\Skype
2009-02-01 10:16 . 2009-02-01 10:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-02-01 10:14 . 2009-02-01 10:14 <DIR> d-------- c:\program files\ICQ6.5
2009-02-01 10:14 . 2009-02-01 10:14 <DIR> d-------- c:\documents and settings\Peter.HOME\Application Data\ICQ
2009-02-01 10:14 . 2009-02-01 10:14 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ICQ
2009-01-30 15:06 . 2009-02-20 09:35 <DIR> d-------- c:\program files\Fraps
2009-01-30 15:06 . 2009-02-20 09:36 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-30 13:29 . 2009-01-31 17:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NFS Underground
2009-01-27 09:00 . 2009-01-27 09:00 <DIR> d-------- c:\program files\DVD X Studios
2009-01-26 17:44 . 2009-01-26 17:44 <DIR> d-------- c:\program files\Gamepitstop.ru
2009-01-26 16:48 . 2009-01-26 16:48 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-25 14:18 . 2009-02-24 19:44 <DIR> d-------- c:\program files\EA GAMES
2009-01-25 14:18 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 18:20 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-02-20 13:38 18,304 ----a-w c:\documents and settings\Kika\Application Data\GDIPFONTCACHEV1.DAT
2009-02-11 14:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 15:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 14:24 --------- d-----w c:\documents and settings\Kika\Application Data\AVGTOOLBAR
2009-02-06 20:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-01 10:00 --------- d-----w c:\program files\ICQ6Toolbar
2009-01-28 17:35 --------- d-----w c:\program files\Team17
2009-01-28 07:53 --------- d-----w c:\program files\DVDFab 5
2009-01-24 19:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\QuickTime
2009-01-24 15:56 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Apple Computer
2009-01-24 15:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-01-22 16:34 --------- d-----w c:\program files\GRETECH
2009-01-22 16:34 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\GRETECH
2009-01-22 16:34 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\GRETECH
2009-01-22 14:07 203,592 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-22 14:07 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 13:45 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-21 19:39 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Leadertech
2009-01-18 15:02 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-17 13:29 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-17 13:29 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-17 13:29 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-17 13:29 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-17 13:28 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-01-17 13:01 --------- d--h--r c:\documents and settings\Kika\Application Data\Chromeflower
2009-01-17 13:01 --------- d--h--r c:\documents and settings\Kika\Application Data\CrystalSpace
2009-01-17 11:06 --------- d-----w c:\documents and settings\Kika\Application Data\GRETECH
2009-01-17 09:36 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-17 09:36 47,360 ----a-w c:\documents and settings\Peter.HOME\Application Data\pcouffin.sys
2009-01-17 09:36 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Vso
2009-01-17 09:05 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\InstallShield
2009-01-17 09:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-01-16 20:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Trymedia
2009-01-16 20:40 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\HP
2009-01-16 20:40 --------- d-----w c:\documents and settings\Kika\Application Data\HP
2009-01-16 19:58 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\Mp3tag
2009-01-16 19:49 --------- d-----w c:\program files\Mp3tag
2009-01-16 19:48 --------- d-----w c:\program files\DiskCheckerXP
2009-01-16 19:48 --------- d-----w c:\program files\CrystalCPUID
2009-01-16 19:46 --------- d-----w c:\documents and settings\Peter.HOME\Application Data\AVGTOOLBAR
2009-01-16 18:48 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\HP
2009-01-16 18:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-01-15 20:33 --------- d-----w c:\program files\AVG
2009-01-15 20:25 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-01-15 20:20 --------- d-----w c:\program files\Bonjour
2009-01-15 20:19 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 20:16 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-15 16:43 --------- d-----w c:\program files\Beneton Movie GIF 1.1
2009-01-15 15:33 --------- d-----w c:\program files\ASUS
2009-01-14 13:59 --------- d-----w c:\program files\CCleaner
2009-01-13 15:40 --------- d-----w c:\program files\DIFX
2009-01-12 14:09 --------- d-----w c:\program files\CyberLink
2009-01-12 14:09 --------- d-----w c:\program files\Common Files\Ahead
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
.
------- Sigcheck -------
2004-08-03 23:56 1049088 69cf4e2935a818e70da6640e927a6b37 c:\windows\explorer.exe
2004-08-03 23:56 2727424 92ac55e1136dc2f2fa5b53aad55e2d98 c:\windows\system32\dllcache\explorer.exe
2004-08-03 23:56 32768 26752358bc1b5912c4de5c64f508bfaa c:\windows\system32\ctfmon.exe
2004-08-03 23:56 32768 68689e891bc6122330ac09aaec30f26b c:\windows\system32\dllcache\ctfmon.exe
2004-08-03 23:56 41984 82b95e1c1e8b0695fd3506c958f2a747 c:\windows\system32\userinit.exe
2004-08-03 23:56 41472 8b5aa7d00619ea8f4efbe6704f49bf7d c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_20.38.56,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 48,640 ----a-w c:\windows\NIRCMD.exe
- 2009-02-24 17:44:34 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-25 13:34:32 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-24 17:44:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-25 13:34:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-24 17:44:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-25 13:34:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 32768]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-12-17 172792]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 401408]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-17 1601304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 69632]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 32768]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-17 14:29 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\Peter.HOME\\My Documents\\downloads\\lfs\\MOMOLEDS11\\LFSmomoLeds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-15 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-17 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-17 298264]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-09 222456]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2009-02-03 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2009-02-03 85696]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 14:48:54
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-02-25 14:49:41
ComboFix-quarantined-files.txt 2009-02-25 13:49:38
ComboFix2.txt 2009-02-24 19:39:29
Pre-Run: 285 940 412 416 bytes free
Post-Run: 14 adresárov, 285,926,318,080 voľných bajtov
263
Re: problem with winlogon
and here's the one from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:42, on 25.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5627 bytes
Re: problem with winlogon
well, and that page you gave me, is it something like an upload speed test, or what?? It just throws it in there, I don't know whether it is OK
the result should be 0/32