Kindly asking for a log check
So, once again without success
Log from OTMoveIt
File/Folder C:\WINDOWS\effdcd.dll not found.
File/Folder C:\WINDOWS\geebya.dll not found.
File/Folder C:\WINDOWS\sstqpq.dll not found.
File/Folder C:\WINDOWS\vtuurr.dll not found.
File/Folder C:\WINDOWS\system32\{F8C97EA1-D5D9-4E39-B663-BE21C93444D9}.exe not found.
Created on 08.29.2007 19:14:30

For this step you need to have ComboFix on the desktop; you should already have it downloaded there.
Open Notepad (Poznámkový blok) and paste into it the entire text from the white box:
File::
c:\windows\system32\mstsdsc.exe
C:\tmp1.tmp.exe
c:\windows\system32\a.exe
c:\DriverLoad\windrv0.exe
C:\WINDOWS\system32\lsasss.exe
C:\DOCUME~1\Adela\LOCALS~1\Temp\tmp1.tmp.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"alpha"=-
"beta"=-
Then choose File (Soubor) -> Save As (Uložit jako) -> and in the File name (Název souboru) field type: CFScript.txt
For Save as type (Typ souboru) select *all files (*všechny soubory)
And save it to the desktop.
Grab the newly created script CFScript.txt with the mouse, drag it over the downloaded ComboFix program, and when the two files overlap, drop the script
- ComboFix starts automatically
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Follow the instructions; while ComboFix is running, do not click inside the window that appears
- After the cleaning process finishes and the computer possibly restarts, a log should be displayed. Otherwise it is located at C:\ComboFix.txt
- Copy its entire contents here
And tell me whether you can browse web pages now.
Here is the log from COMBOFIX
ComboFix 07-08-29.3 - "Adela" 2007-08-29 20:59:10.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.135 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Adela\Plocha\CFScript.txt
FILE::
c:\windows\system32\mstsdsc.exe
C:\tmp1.tmp.exe
c:\windows\system32\a.exe
c:\DriverLoad\windrv0.exe
C:\WINDOWS\system32\lsasss.exe
C:\DOCUME~1\Adela\LOCALS~1\Temp\tmp1.tmp.exe
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-29 )))))))))))))))))))))))))))))))
2007-08-29 19:13 210,432 --a------ C:\OTMoveIt.exe
2007-08-29 16:54 111,616 --a------ C:\VundoFix.exe
2007-08-29 16:54 <DIR> d-------- C:\VundoFix Backups
2007-08-29 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-08-29 12:52 147,968 --a------ C:\WINDOWS\R.COM
2007-08-29 12:52 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-08-29 12:47 <DIR> d-------- C:\Program Files\CCleaner
2007-08-28 23:17 130,048 --a------ C:\avenger.exe
2007-08-28 18:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-28 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\SUPERAntiSpyware.com
2007-08-28 18:03 401,720 --a------ C:\fluffy.exe
2007-08-28 18:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-28 17:49 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-28 15:14 <DIR> d-------- C:\backups
2007-08-28 14:33 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-28 13:58 233,868 --a------ C:\LSPRegBackup_28082007_135806.REG
2007-08-27 20:58 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-27 20:58 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-27 20:58 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-27 20:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Eset
2007-08-27 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-08-26 18:41 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-26 18:41 <DIR> d-------- C:\WINDOWS\$hf_mig$
2007-08-21 18:39 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2007-08-21 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Locktime
2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-29 12:49 --------- d-------- C:\Program Files\ICQ6
2007-08-20 09:36 --------- d-------- C:\Program Files\ICQLite
2007-07-31 20:36 --------- d-------- C:\Program Files\Mozilla Firefox24
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 21:39 --------- d-------- C:\Program Files\ICQToolbar
2007-07-27 20:52 --------- d-------- C:\Program Files\Radmin
2007-07-27 16:40 --------- d-------- C:\Program Files\PowerArchiver
2007-07-18 11:08 --------- d-------- C:\Program Files\VoipDiscount.com
2007-07-17 14:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 13:42 70331 --a------ C:\Program Files\client.rar
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2001-01-11 09:02 794624 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
((((((((((((((((((((((((((((( snapshot_2007-08-29_141922.97 )))))))))))))))))))))))))))))))))))))))))
------w 16,384 2007-08-29 17:22:44 C:\WINDOWS\Temp\Cookies\index.dat
------w 32,768 2007-08-29 17:22:44 C:\WINDOWS\Temp\History\History.IE5\index.dat
------w 32,768 2007-08-29 17:59:48 C:\WINDOWS\Temp\History\History.IE5\MSHist012007082920070830\index.dat
------w 32,768 2007-08-29 17:22:44 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
------w 16,384 2007-08-29 12:18:19 C:\WINDOWS\Temp\Cookies\index.dat
------w 32,768 2007-08-29 12:18:19 C:\WINDOWS\Temp\History\History.IE5\index.dat
------w 32,768 2007-08-29 12:18:21 C:\WINDOWS\Temp\History\History.IE5\MSHist012007082920070830\index.dat
------w 32,768 2007-08-29 12:18:19 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-27 20:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Speaker Configuration]
C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverLoad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
"C:\WINDOWS\system32\MRT.exe" /R
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriverLoad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" /service
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 pgpwwgci;pgpwwgci;C:\WINDOWS\system32\drivers\fksjvuil.sys
S2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 21:01:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-29 21:02:29
C:\ComboFix-quarantined-files.txt ... 2007-08-29 21:02
C:\ComboFix2.txt ... 2007-08-29 14:20
--- E O F ---
PAGES STILL WON'T LOAD

I'm here now.
Delete this file:
C:\WINDOWS\system32\drivers\fksjvuil.sys
If it can't be deleted, let me know.
Open CMD (Command Prompt) and type (copy) this command into it:
reg delete HKLM\SYSTEM\CurrentControlSet\Services\pgpwwgci /f
Press Enter.
And restart the PC.
Then post a new ComboFix log here.
Also use HostsXpert:
Download HostsXpert and extract it into its own folder. Then run it.
Click the Restore MS Hosts File button and confirm by pressing OK. Once it has restored the hosts file, click Make ReadOnly?
And restart the PC.
If, when you click Restore MS Hosts File and confirm the prompt, an error pops up reading:
ERROR:Cannot create file C:\WINDOWS\system32\drivers\etc\hosts
in that case you will have to click Make Writeable? After that everything should work following the instructions I wrote above.
And tell me whether web pages work.
So the file C:\WINDOWS\system32\drivers\fksjvuil.sys could not be deleted, because it wasn't there :(...
Otherwise, the registry key was deleted via the command prompt without any problem...
With HostXpert I did everything according to the instructions, but it didn't help :( pages still won't load, but ICQ works :(...
Here is the log from ComboFix
ComboFix 07-08-29.3 - "Adela" 2007-08-30 11:57:37.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.140 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))
2007-08-29 19:13 210,432 --a------ C:\OTMoveIt.exe
2007-08-29 16:54 111,616 --a------ C:\VundoFix.exe
2007-08-29 16:54 <DIR> d-------- C:\VundoFix Backups
2007-08-29 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-08-29 13:18 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-08-29 12:52 147,968 --a------ C:\WINDOWS\R.COM
2007-08-29 12:52 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-08-29 12:47 <DIR> d-------- C:\Program Files\CCleaner
2007-08-28 23:17 130,048 --a------ C:\avenger.exe
2007-08-28 18:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-28 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\SUPERAntiSpyware.com
2007-08-28 18:03 401,720 --a------ C:\fluffy.exe
2007-08-28 18:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-28 17:49 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-28 15:14 <DIR> d-------- C:\backups
2007-08-28 14:33 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-28 13:58 233,868 --a------ C:\LSPRegBackup_28082007_135806.REG
2007-08-27 20:58 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-27 20:58 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-27 20:58 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-27 20:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Eset
2007-08-27 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-08-26 18:41 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-26 18:41 <DIR> d-------- C:\WINDOWS\$hf_mig$
2007-08-21 18:39 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2007-08-21 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Locktime
2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-27 20:52 708,608 --a------ C:\WINDOWS\system32\r_server.exe
2007-07-27 20:52 29,600 --a------ C:\WINDOWS\system32\raddrv.dll
2007-07-27 16:50 <DIR> d-------- C:\Program Files\Radmin
2007-07-27 16:40 <DIR> d-------- C:\Program Files\PowerArchiver
2007-07-17 14:14 <DIR> d-------- C:\Program Files\ICQToolbar
2007-07-17 14:13 <DIR> d-------- C:\Program Files\ICQ6
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-20 09:36 --------- d-------- C:\Program Files\ICQLite
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-17 14:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 13:42 70331 --a------ C:\Program Files\client.rar
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2001-01-11 09:02 794624 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
((((((((((((((((((((((((((((( snapshot_2007-08-29_141922.97 )))))))))))))))))))))))))))))))))))))))))
------w 16,384 2007-08-30 09:52:19 C:\WINDOWS\Temp\Cookies\index.dat
------w 32,768 2007-08-30 09:52:19 C:\WINDOWS\Temp\History\History.IE5\index.dat
------w 32,768 2007-08-29 20:20:49 C:\WINDOWS\Temp\History\History.IE5\MSHist012007082920070830\index.dat
----a-w 49,152 2007-08-30 09:52:20 C:\WINDOWS\Temp\History\History.IE5\MSHist012007083020070831\index.dat
------w 32,768 2007-08-30 09:52:19 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
------w 16,384 2007-08-29 12:18:19 C:\WINDOWS\Temp\Cookies\index.dat
------w 32,768 2007-08-29 12:18:19 C:\WINDOWS\Temp\History\History.IE5\index.dat
------w 32,768 2007-08-29 12:18:21 C:\WINDOWS\Temp\History\History.IE5\MSHist012007082920070830\index.dat
------w 32,768 2007-08-29 12:18:19 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-27 20:58]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Speaker Configuration]
C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverLoad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
"C:\WINDOWS\system32\MRT.exe" /R
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriverLoad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" /service
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 11:59:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-30 12:00:42
C:\ComboFix-quarantined-files.txt ... 2007-08-30 12:00
C:\ComboFix2.txt ... 2007-08-29 21:02
C:\ComboFix3.txt ... 2007-08-29 14:20
--- E O F ---
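Added example, not part of the thread and not code from ComboFix: one way to confirm from the follow-up log that the `pgpwwgci` service entry targeted by the `reg delete` step is gone, by diffing the driver/service lines of the two ComboFix logs. The function names are hypothetical; the two samples are excerpted from the logs posted above.

```python
import re
from typing import Dict, NamedTuple, Set, Tuple

# ComboFix driver/service lines have the form  <state><start> name;display;image
# state: R = running, S = stopped; start: the service start type (0 = boot ... 4 = disabled).
STATE = {"R": "running", "S": "stopped"}
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$"
)

# Excerpt of the log dated 2007-08-29 (before the cleanup step).
LOG_BEFORE = r"""
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" /service
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 pgpwwgci;pgpwwgci;C:\WINDOWS\system32\drivers\fksjvuil.sys
S2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service
"""

# Excerpt of the log dated 2007-08-30 (after `reg delete` and reboot).
LOG_AFTER = r"""
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" /service
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service
"""


class Service(NamedTuple):
    name: str
    state: str
    start: str
    display: str
    image: str  # normalised, lower-cased binary path


def normalise_image(raw: str) -> str:
    """Reduce an image-path field to a comparable file path.

    Handles the two decorations seen in these logs: a quoted path followed by
    arguments, and the NT object-namespace prefix \\??\\ .
    """
    raw = raw.strip()
    if raw.startswith('"'):
        raw = raw[1:].split('"', 1)[0]  # keep only the quoted path, drop arguments
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    return raw.lower()


def parse_services(log_text: str) -> Dict[str, Service]:
    """Return {lower-cased service name: Service} for every service line in a log."""
    services: Dict[str, Service] = {}
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue  # file listings, registry sections, banners, etc.
        svc = Service(
            name=m["name"],
            state=STATE[m["state"]],
            start=START[int(m["start"])],
            display=m["display"],
            image=normalise_image(m["image"]),
        )
        services[svc.name.lower()] = svc
    return services


def diff_services(
    before: Dict[str, Service], after: Dict[str, Service]
) -> Tuple[Set[str], Set[str], Set[str]]:
    """Return (removed, added, changed) service names between two parsed logs."""
    removed = set(before) - set(after)
    added = set(after) - set(before)
    changed = {n for n in set(before) & set(after) if before[n] != after[n]}
    return removed, added, changed


def removal_confirmed(before_log: str, after_log: str, service: str, driver: str) -> bool:
    """True if `service` pointed at `driver` before and neither appears afterwards."""
    before, after = parse_services(before_log), parse_services(after_log)
    key, path = service.lower(), driver.lower()
    was_there = key in before and before[key].image == path
    still_referenced = key in after or path in after_log.lower()
    return was_there and not still_referenced


if __name__ == "__main__":
    removed, added, changed = diff_services(
        parse_services(LOG_BEFORE), parse_services(LOG_AFTER)
    )
    print("removed:", sorted(removed), "added:", sorted(added), "changed:", sorted(changed))
```

A removed entry only shows that the service key is no longer enumerated in the newer log; the poster reports that pages still do not load after this step.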
Jinak ten registr sel pres prikazovy radek smazat bez problemu...
S HostXpert jsem provedl vse podle pokynu ale nepomohlo to:( stale se stranky nenacitaji ale icq jde:(...
Tady je log z ComboFix
Log check.
Hello, could someone please check my log? Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 15:22:23, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite IH\MFServices.exe
C:\Program Files\Companion Suite IH\MFPrintServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Programy\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\COMPAN~3\ONETOU~3.EXE
O4 - HKLM\..\Run: [MFServices] "C:\Program Files\Companion Suite IH\MFServices.exe" -n
O4 - HKLM\..\Run: [MFPrintServer] "C:\Program Files\Companion Suite IH\MFPrintServer.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix /waitprograms
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6860645000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\system32\sgbxcoms.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
For SiRuK:
In HJT, fix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
And restart the PC.
Then contact your internet provider and find out the IP addresses of its DNS servers. Then set them.
Or, if you don't use a static IP etc., proceed as follows:
Tempest wrote: If you do not use a static IP address, a proxy, etc., go to Start - Settings - Control Panel - Network Connections - Local Area Connection - Properties - Internet Protocol (TCP/IP) - Properties and select Obtain an IP address automatically and Obtain DNS server address automatically.
Then tell me whether you can browse web pages.