Hello.
Please check my log.
Thank you
Logfile of HijackThis v1.99.1
Scan saved at 16:17:14, on 6.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WinProxy\WinProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\totalcmd\TOTALCMD.EXE
H:\vir\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page ... _id=152757
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho13.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [C121A1C6] C:\WINDOWS\System32\xjjfuogpg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuagtrd.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind13.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... _adult.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtree.com/mt/dialers/fc/UniDist.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe
Please check my log (SOLVED)
Last edited by tomas_ch on 07 Sep 2007 18:58, edited 1 time in total.
fredik (member of the Security team):
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- When it starts, the terms of use are shown; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here
ComboFix 07-09-06.4 - "Administrator" 2007-09-06 18:03:06.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.419 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\M.EXE
C:\Program Files\dialers
C:\Program Files\internet optimizer
C:\Program Files\SideFind
C:\setup.exe
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\winsys.exe
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 20:02 <DIR> d-------- C:\TEMP\podvazek
2007-09-03 22:03 1,056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-03 19:41 <DIR> d-------- C:\Program Files\legis
2007-08-30 15:35 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-08-29 18:39 <DIR> d--hs---- C:\FOUND.023
2007-08-29 16:34 <DIR> d--hs---- C:\FOUND.022
2007-08-29 14:22 <DIR> d--hs---- C:\FOUND.021
2007-08-28 22:52 <DIR> d--hs---- C:\FOUND.020
2007-08-28 22:15 <DIR> d--hs---- C:\FOUND.019
2007-08-28 21:51 <DIR> d--hs---- C:\FOUND.018
2007-08-28 14:47 <DIR> d--hs---- C:\FOUND.017
2007-08-28 13:03 <DIR> d--hs---- C:\FOUND.016
2007-08-26 21:07 <DIR> d-------- C:\TEMP\billboard
2007-08-21 17:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-21 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-08-21 17:30 <DIR> d-------- C:\Program Files\ffdshow
2007-08-21 17:29 <DIR> d-------- C:\Program Files\AC3Filter
2007-08-21 16:35 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2007-08-21 16:34 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2007-08-21 16:34 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2007-08-21 16:34 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2007-08-21 16:34 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2007-08-21 16:34 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2007-08-21 16:34 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2007-08-21 16:34 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2007-08-21 16:34 <DIR> d-------- C:\Program Files\Canopus
2007-08-19 12:37 <DIR> d-------- C:\Program Files\MainConcept
2007-08-18 13:39 <DIR> d-------- C:\Program Files\Mv2Player
2007-08-18 03:40 <DIR> d-------- C:\Program Files\TrayMessMags
2007-08-18 03:39 <DIR> d-------- C:\Program Files\3wPlayer
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 18:58 --------- d-------- C:\Program Files\Crystal Software
2007-07-30 20:48 --------- d-------- C:\Program Files\Skype
2007-07-30 20:48 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\WUPS2.DLL
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 11:55 --------- d-------- C:\Program Files\MagicISO
2007-07-28 11:55 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-28 11:55 --------- d-------- C:\Program Files\AML Products
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 1055232 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1033728 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-09-05 10:52 2893952 --a------ C:\Program Files\PPView97.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}]
C:\WINDOWS\nem219.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}]
C:\Program Files\SideFind\sfbho13.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-15 23:18]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 11:08]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 07:29]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-12 18:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"C121A1C6"=C:\WINDOWS\System32\xjjfuogpg.exe
"Microsoft Update"=wuagtrd.exe
"Micro Update"=dailin.exe
"Micr Update"=soundblaster.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=wuagtrd.exe
"Micro Update"=dailin.exe
"Micr Update"=soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B891D650]
C:\WINDOWS\System32\xjjfuogpg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boneproxy]
C:\DOCUME~1\ADMINI~1\DATAAP~1\TRAYME~1\Stylecreative.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micr Update]
soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micro Update]
dailin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
wuagtrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 Angelnt;Angelnt;C:\WINDOWS\system32\Drivers\ANGELNT.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
"2007-09-06 08:14:02 C:\WINDOWS\Tasks\WebReg 20050616101430.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 18:06:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 18:07:13
C:\ComboFix-quarantined-files.txt ... 2007-09-06 18:07
--- E O F ---
- fredik
- Security team member
Run HijackThis again and tick the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/se....._id=152757
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho13.dll (file missing)
O4 - HKLM\..\RunServices: [C121A1C6] C:\WINDOWS\System32\xjjfuogpg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuagtrd.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind13.dll (file missing)
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/....._adult.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtree.com/mt/dialers/fc/UniDist.CAB
After ticking them, click the Fix Checked button.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download Avenger and run it under an administrator account.
Choose the option Input script manually and click the magnifying-glass icon; an empty window pops up, into which copy this bold text:
Files to delete:
C:\WINDOWS\System32\xjjfuogpg.exe
C:\WINDOWS\system32\wuagtrd.exe
C:\WINDOWS\system32\dailin.exe
C:\WINDOWS\system32\soundblaster.exe
Then click Done.
Then click the traffic-light icon.
A prompt pops up; click Yes. The PC will restart, and after the restart the Avenger report should "pop up", so copy it here.
Post a new HJT log + a new ComboFix log here.
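As an added example (not part of fredik's post, nor code from HijackThis or Avenger), this Python triage script applies the reasoning behind the O4 lines picked above to a HijackThis log and reads back the Avenger result block; the sample lines are constructed from the logs in this thread, and the heuristics and the NTSTATUS mapping are the example's own.

```python
"""Triage HijackThis O4 autostart lines and read Avenger deletion results.

Added example for this thread; not part of either tool. Heuristics are the
example's own and the sample inputs are constructed from the posted logs.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines from the posted HijackThis log, plus two benign
# entries from the same log for contrast.
HJT_SAMPLE = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O4 - HKLM\\..\\RunServices: [C121A1C6] C:\\WINDOWS\\System32\\xjjfuogpg.exe
O4 - HKLM\\..\\RunServices: [Microsoft Update] wuagtrd.exe
O4 - HKLM\\..\\RunServices: [Micro Update] dailin.exe
O4 - HKLM\\..\\RunServices: [Micr Update] soundblaster.exe
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
"""

# Constructed sample: two result blocks in the format of the posted Avenger log.
AVENGER_SAMPLE = """\
Beginning to process script file:
File C:\\WINDOWS\\System32\\xjjfuogpg.exe not found!
Deletion of file C:\\WINDOWS\\System32\\xjjfuogpg.exe failed!
Could not process line:
C:\\WINDOWS\\System32\\xjjfuogpg.exe
Status: 0xc0000034
File C:\\WINDOWS\\system32\\wuagtrd.exe not found!
Deletion of file C:\\WINDOWS\\system32\\wuagtrd.exe failed!
Could not process line:
C:\\WINDOWS\\system32\\wuagtrd.exe
Status: 0xc0000034
Completed script processing.
"""

# HijackThis O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
AVENGER_FAIL_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
AVENGER_STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9a-fA-F]{8})$")

# Executables the genuine Windows Update client uses (hypothetical allow-list
# for the example); an "... Update" value pointing elsewhere deserves a look.
GENUINE_UPDATE_EXES = {"wuauclt.exe", "wuauboot.exe"}
# Only the NTSTATUS value that appears in the posted log is mapped here.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}


@dataclass
class Finding:
    name: str
    exe: str
    reasons: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the program part of a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def triage_o4(text: str) -> list[Finding]:
    """Flag O4 entries that show the traits of the four lines fixed in the thread."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m["cmd"])
        reasons = []
        if "\\" not in exe:
            reasons.append("bare file name, resolved by PATH search at logon")
        if m["key"] == "RunServices":
            reasons.append("RunServices is a Win9x leftover rarely used by legitimate XP software")
        if re.fullmatch(r"[0-9A-F]{8}", m["name"]):
            reasons.append("value name is a random-looking hex string")
        if "update" in m["name"].lower() and exe.lower().rsplit("\\", 1)[-1] not in GENUINE_UPDATE_EXES:
            reasons.append("poses as Windows Update but is not the genuine client")
        if reasons:
            findings.append(Finding(m["name"], exe, reasons))
    return findings


def parse_avenger(text: str) -> dict[str, str]:
    """Map each failed deletion to the NTSTATUS name Avenger reported for it."""
    results, pending = {}, None
    for line in text.splitlines():
        if (m := AVENGER_FAIL_RE.match(line)):
            pending = m["path"]
        elif pending and (m := AVENGER_STATUS_RE.match(line)):
            code = int(m["code"], 16)
            results[pending] = NTSTATUS_NAMES.get(code, f"0x{code:08X}")
            pending = None
    return results


def orphaned_autostarts(findings: list[Finding], avenger: dict[str, str]) -> list[str]:
    """Autostart values whose target file was already gone: the value outlives the file."""
    missing = {p.rsplit("\\", 1)[-1].lower() for p, st in avenger.items()
               if st == "STATUS_OBJECT_NAME_NOT_FOUND"}
    return [f.name for f in findings if f.exe.rsplit("\\", 1)[-1].lower() in missing]


if __name__ == "__main__":
    found = triage_o4(HJT_SAMPLE)
    for f in found:
        print(f"[{f.name}] {f.exe}")
        for r in f.reasons:
            print("   -", r)
    print("autostart values still pointing at missing files:",
          orphaned_autostarts(found, parse_avenger(AVENGER_SAMPLE)))
```

STATUS_OBJECT_NAME_NOT_FOUND means the file was already absent when Avenger ran, so the remaining work is the registry values that still reference it, which is what the "Reg Loading Points" section of the later ComboFix log lists.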
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ligbdwdk
*******************
Script file located at: \??\C:\bchgyslo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\System32\xjjfuogpg.exe not found!
Deletion of file C:\WINDOWS\System32\xjjfuogpg.exe failed!
Could not process line:
C:\WINDOWS\System32\xjjfuogpg.exe
Status: 0xc0000034
File C:\WINDOWS\system32\wuagtrd.exe not found!
Deletion of file C:\WINDOWS\system32\wuagtrd.exe failed!
Could not process line:
C:\WINDOWS\system32\wuagtrd.exe
Status: 0xc0000034
File C:\WINDOWS\system32\dailin.exe not found!
Deletion of file C:\WINDOWS\system32\dailin.exe failed!
Could not process line:
C:\WINDOWS\system32\dailin.exe
Status: 0xc0000034
File C:\WINDOWS\system32\soundblaster.exe not found!
Deletion of file C:\WINDOWS\system32\soundblaster.exe failed!
Could not process line:
C:\WINDOWS\system32\soundblaster.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
-----------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:34:44, on 6.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WinProxy\WinProxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
H:\vir\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe
-----------------------------------------------------------------------------------------------------------------------------
ComboFix 07-09-06.4 - "Administrator" 2007-09-06 19:35:29.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.258 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 20:02 <DIR> d-------- C:\TEMP\podvazek
2007-09-03 22:03 1,056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-03 19:41 <DIR> d-------- C:\Program Files\legis
2007-08-30 15:35 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-08-29 18:39 <DIR> d--hs---- C:\FOUND.023
2007-08-29 16:34 <DIR> d--hs---- C:\FOUND.022
2007-08-29 14:22 <DIR> d--hs---- C:\FOUND.021
2007-08-28 22:52 <DIR> d--hs---- C:\FOUND.020
2007-08-28 22:15 <DIR> d--hs---- C:\FOUND.019
2007-08-28 21:51 <DIR> d--hs---- C:\FOUND.018
2007-08-28 14:47 <DIR> d--hs---- C:\FOUND.017
2007-08-28 13:03 <DIR> d--hs---- C:\FOUND.016
2007-08-26 21:07 <DIR> d-------- C:\TEMP\billboard
2007-08-21 17:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-21 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-08-21 17:30 <DIR> d-------- C:\Program Files\ffdshow
2007-08-21 17:29 <DIR> d-------- C:\Program Files\AC3Filter
2007-08-21 16:35 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2007-08-21 16:34 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2007-08-21 16:34 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2007-08-21 16:34 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2007-08-21 16:34 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2007-08-21 16:34 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2007-08-21 16:34 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2007-08-21 16:34 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2007-08-21 16:34 <DIR> d-------- C:\Program Files\Canopus
2007-08-19 12:37 <DIR> d-------- C:\Program Files\MainConcept
2007-08-18 13:39 <DIR> d-------- C:\Program Files\Mv2Player
2007-08-18 03:40 <DIR> d-------- C:\Program Files\TrayMessMags
2007-08-18 03:39 <DIR> d-------- C:\Program Files\3wPlayer
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 18:58 --------- d-------- C:\Program Files\Crystal Software
2007-07-30 20:48 --------- d-------- C:\Program Files\Skype
2007-07-30 20:48 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\WUPS2.DLL
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 11:55 --------- d-------- C:\Program Files\MagicISO
2007-07-28 11:55 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-28 11:55 --------- d-------- C:\Program Files\AML Products
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 1055232 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1033728 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-09-05 10:52 2893952 --a------ C:\Program Files\PPView97.exe
((((((((((((((((((((((((((((( snapshot_2007-09-06_180653,64 )))))))))))))))))))))))))))))))))))))))))
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-15 23:18]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 11:08]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 07:29]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-12 18:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=wuagtrd.exe
"Micro Update"=dailin.exe
"Micr Update"=soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B891D650]
C:\WINDOWS\System32\xjjfuogpg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boneproxy]
C:\DOCUME~1\ADMINI~1\DATAAP~1\TRAYME~1\Stylecreative.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micr Update]
soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micro Update]
dailin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
wuagtrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 Angelnt;Angelnt;C:\WINDOWS\system32\Drivers\ANGELNT.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
"2007-09-06 08:14:02 C:\WINDOWS\Tasks\WebReg 20050616101430.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 19:38:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 19:39:07
C:\ComboFix-quarantined-files.txt ... 2007-09-06 19:39
C:\ComboFix2.txt ... 2007-09-06 18:07
--- E O F ---
2007-06-27 10:26 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 1055232 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1033728 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-09-05 10:52 2893952 --a------ C:\Program Files\PPView97.exe
((((((((((((((((((((((((((((( snapshot_2007-09-06_180653,64 )))))))))))))))))))))))))))))))))))))))))
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-15 23:18]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 11:08]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 07:29]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-12 18:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=wuagtrd.exe
"Micro Update"=dailin.exe
"Micr Update"=soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B891D650]
C:\WINDOWS\System32\xjjfuogpg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boneproxy]
C:\DOCUME~1\ADMINI~1\DATAAP~1\TRAYME~1\Stylecreative.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micr Update]
soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micro Update]
dailin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
wuagtrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 Angelnt;Angelnt;C:\WINDOWS\system32\Drivers\ANGELNT.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
"2007-09-06 08:14:02 C:\WINDOWS\Tasks\WebReg 20050616101430.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 19:38:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 19:39:07
C:\ComboFix-quarantined-files.txt ... 2007-09-06 19:39
C:\ComboFix2.txt ... 2007-09-06 18:07
--- E O F ---
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Code:
Folder::
C:\FOUND.023
C:\FOUND.022
C:\FOUND.021
C:\FOUND.020
C:\FOUND.019
C:\FOUND.018
C:\FOUND.017
C:\FOUND.016
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B891D650]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boneproxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micr Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micro Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
Choose Save file as, name the file CFScript.txt and choose Save as type: All files.
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process
- So copy its entire contents here
ComboFix 07-09-06.4 - "Administrator" 2007-09-06 21:48:09.3 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.346 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\FOUND.016
C:\FOUND.016\FILE0000.CHK
C:\FOUND.017
C:\FOUND.017\FILE0000.CHK
C:\FOUND.017\FILE0001.CHK
C:\FOUND.017\FILE0002.CHK
C:\FOUND.017\FILE0003.CHK
C:\FOUND.017\FILE0004.CHK
C:\FOUND.017\FILE0005.CHK
C:\FOUND.017\FILE0006.CHK
C:\FOUND.017\FILE0007.CHK
C:\FOUND.017\FILE0008.CHK
C:\FOUND.017\FILE0009.CHK
C:\FOUND.017\FILE0010.CHK
C:\FOUND.017\FILE0011.CHK
C:\FOUND.017\FILE0012.CHK
C:\FOUND.017\FILE0013.CHK
C:\FOUND.018
C:\FOUND.018\FILE0000.CHK
C:\FOUND.018\FILE0001.CHK
C:\FOUND.018\FILE0002.CHK
C:\FOUND.018\FILE0003.CHK
C:\FOUND.019
C:\FOUND.019\FILE0000.CHK
C:\FOUND.019\FILE0001.CHK
C:\FOUND.019\FILE0002.CHK
C:\FOUND.020
C:\FOUND.020\FILE0000.CHK
C:\FOUND.021
C:\FOUND.021\FILE0000.CHK
C:\FOUND.021\FILE0001.CHK
C:\FOUND.021\FILE0002.CHK
C:\FOUND.021\FILE0003.CHK
C:\FOUND.022
C:\FOUND.022\FILE0000.CHK
C:\FOUND.022\FILE0001.CHK
C:\FOUND.022\FILE0002.CHK
C:\FOUND.023
C:\FOUND.023\FILE0000.CHK
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 20:02 <DIR> d-------- C:\TEMP\podvazek
2007-09-03 22:03 1,056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-03 19:41 <DIR> d-------- C:\Program Files\legis
2007-08-30 15:35 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-08-26 21:07 <DIR> d-------- C:\TEMP\billboard
2007-08-21 17:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-21 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-08-21 17:30 <DIR> d-------- C:\Program Files\ffdshow
2007-08-21 17:29 <DIR> d-------- C:\Program Files\AC3Filter
2007-08-21 16:35 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2007-08-21 16:34 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2007-08-21 16:34 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2007-08-21 16:34 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2007-08-21 16:34 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2007-08-21 16:34 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2007-08-21 16:34 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2007-08-21 16:34 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2007-08-21 16:34 <DIR> d-------- C:\Program Files\Canopus
2007-08-19 12:37 <DIR> d-------- C:\Program Files\MainConcept
2007-08-18 13:39 <DIR> d-------- C:\Program Files\Mv2Player
2007-08-18 03:40 <DIR> d-------- C:\Program Files\TrayMessMags
2007-08-18 03:39 <DIR> d-------- C:\Program Files\3wPlayer
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 18:58 --------- d-------- C:\Program Files\Crystal Software
2007-07-30 20:48 --------- d-------- C:\Program Files\Skype
2007-07-30 20:48 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\WUPS2.DLL
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 11:55 --------- d-------- C:\Program Files\MagicISO
2007-07-28 11:55 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-28 11:55 --------- d-------- C:\Program Files\AML Products
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 1055232 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1033728 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-09-05 10:52 2893952 --a------ C:\Program Files\PPView97.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-15 23:18]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 11:08]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 07:29]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-12 18:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=wuagtrd.exe
"Micro Update"=dailin.exe
"Micr Update"=soundblaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 Angelnt;Angelnt;C:\WINDOWS\system32\Drivers\ANGELNT.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
"2007-09-06 08:14:02 C:\WINDOWS\Tasks\WebReg 20050616101430.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 21:51:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 21:51:59
C:\ComboFix-quarantined-files.txt ... 2007-09-06 21:52
C:\ComboFix3.txt ... 2007-09-06 18:07
C:\ComboFix2.txt ... 2007-09-06 19:39
--- E O F ---
fredik (member of the Security team):
OK. Create one more new CFScript and use it with ComboFix as before. This time paste the following into the script:
Code:
Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-
"Micro Update"=-
"Micr Update"=-
Then post the ComboFix log here again.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
You have an old version of Java there, so update it:
- Download the latest version, Java Runtime Environment (JRE) 6u2
- Scroll down to where it says Java Runtime Environment (JRE) 6u2 and click the Download button
- Tick the option that says: Accept License Agreement
- The page will reload.
- Click the download link: Windows Offline Installation, Multi-language and save it to disk
- Close any running programs, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for entries named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
  - J2SE Runtime Environment 5.0
  - J2SE Runtime Environment 5.0 Update 8
  - Java 2 Runtime Environment, SE v1.4.2
- Uninstall all the old versions of Java one after another
- When the uninstalling is finished, restart the PC.
- Then just run the installation of the latest version from the file jre-6u2-windows-i586-p.exe that you downloaded at the start.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then post a new HJT log here too and say whether the problems persist.
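The CFScript above deletes three Run values whose names imitate Windows Update, and the Java steps retire an outdated JRE. The following is an added example (my own code, not ComboFix's, HijackThis's or fredik's) that performs the same triage over the log formats pasted in this thread: it parses Run-key lines from a ComboFix "Reg Loading Points" block and HijackThis O4 lines, flags lookalike names, autoruns placed in HKEY_USERS\.DEFAULT and JRE paths older than 6u2, and prints the matching Registry:: CFScript block. The sample log, the placeholder.exe path and the three fake values are constructed for the example, and the flagging rules are my own assumptions about what a log reviewer looks for, not rules from either tool.

```python
r"""Triage Run-key autostart entries from ComboFix and HijackThis logs.

Added example; not code from ComboFix, HijackThis or the helper. It reads
  ComboFix "Reg Loading Points":  [HKEY_...\Run]  then  "Name"="C:\x.exe" [date]
  HijackThis O4 lines:            O4 - HKLM\..\Run: [Name] C:\x.exe
"""
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple


class Autorun(NamedTuple):
    key: str      # full registry key, e.g. HKEY_USERS\.default\...\Run
    name: str     # value name, e.g. "Microsoft Update"
    command: str  # command the value runs, surrounding quotes removed


_CF_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_CF_VALUE = re.compile(r'^"([^"]+)"=(.+?)(?:\s+\[\d{4}-\d\d-\d\d \d\d:\d\d\])?$')
_HJT_O4 = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+?)(?: \(User '[^']*'\))?$")
_HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
_RUN_PATH = "\\Software\\Microsoft\\Windows\\CurrentVersion\\"
# The three spellings the helper's CFScript deletes all match this pattern.
_UPDATE_LOOKALIKE = re.compile(r"^mic(r|ro|rosoft)\s+update$", re.I)
_JRE_IN_PATH = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.I)
TARGET_JRE = (1, 6, 0, 2)  # JRE 6u2, the version the helper asked the poster to install


def _clean(command: str) -> str:
    """Drop the quotes around a quoted executable path but keep its arguments."""
    if command.startswith('"') and command.count('"') >= 2:
        command = command.replace('"', "", 2)
    return command.strip()


def parse_autoruns(lines: Iterable[str]) -> List[Autorun]:
    """Collect Run/RunOnce values from either log format, in log order."""
    found: List[Autorun] = []
    current_key: Optional[str] = None  # set while inside a ComboFix [...\Run*] block
    for raw in lines:
        line = raw.strip()
        m = _CF_KEY.match(line)
        if m:
            key = m.group(1)
            current_key = key if key.rsplit("\\", 1)[-1].lower().startswith("run") else None
            continue
        m = _HJT_O4.match(line)
        if m:
            hive, subkey, name, command = m.groups()
            hive = _HIVES.get(hive, "HKEY_USERS" + hive[4:])  # HKUS\.DEFAULT -> HKEY_USERS\.DEFAULT
            found.append(Autorun(hive + _RUN_PATH + subkey, name, _clean(command)))
            continue
        m = _CF_VALUE.match(line) if current_key else None
        if m:
            found.append(Autorun(current_key, m.group(1), _clean(m.group(2))))
    return found


def jre_version(command: str) -> Optional[Tuple[int, ...]]:
    """Version of the JRE a command runs from, e.g. jre1.5.0_10 -> (1, 5, 0, 10)."""
    m = _JRE_IN_PATH.search(command)
    return tuple(int(x) for x in m.groups()) if m else None


def triage(entries: Iterable[Autorun]) -> List[Tuple[str, Autorun]]:
    """Return (reason, entry) pairs for the entries a log reviewer would question."""
    flagged = []
    for e in entries:
        if _UPDATE_LOOKALIKE.match(e.name):
            flagged.append(("name imitates Windows Update", e))
        elif e.key.upper().startswith("HKEY_USERS\\.DEFAULT\\"):
            # assumption: legitimate installers do not put user autoruns in the default-user hive
            flagged.append(("autorun in the HKEY_USERS\\.DEFAULT hive", e))
        v = jre_version(e.command)
        if v is not None and v < TARGET_JRE:
            flagged.append(("JRE older than %d.%d.%d_%02d" % TARGET_JRE, e))
    return flagged


def cfscript(entries: Iterable[Autorun]) -> str:
    """Registry:: section of a CFScript deleting the given values ("Name"=- means delete)."""
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        by_key.setdefault(e.key, []).append(e.name)
    out = ["Registry::"]
    for key, names in by_key.items():
        out.append("[%s]" % key)
        out.extend('"%s"=-' % n for n in names)
    return "\n".join(out)


# Constructed sample, not a real log: the AVG, Java and Skype lines mirror the
# thread's entries; the three "update" values use a placeholder path.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 19:15]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"="C:\WINDOWS\system32\placeholder.exe" [2007-09-03 22:03]
"Micro Update"=C:\WINDOWS\system32\placeholder.exe -s
"Micr Update"="C:\WINDOWS\system32\placeholder.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

if __name__ == "__main__":
    flags = triage(parse_autoruns(SAMPLE_LOG.splitlines()))
    for reason, e in flags:
        print("%-36s %s\\%s = %s" % (reason, e.key, e.name, e.command))
    print(cfscript(e for r, e in flags if r.startswith("name imitates")))
```

Run it with Python 3. On a real log, pass the file's lines to parse_autoruns and read through the flags before pasting the generated block into ComboFix: the tool deletes whatever you hand it, so the lookalike rule (which catches the fake "Microsoft Update" names because nothing legitimate registers under that name in a Run key) is a prompt for review, not an automatic verdict.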
I think it should be fine now, hopefully.
Thank you!!
ComboFix 07-09-06.4 - "Administrator" 2007-09-07 14:22:50.4 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.249 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))
2007-09-06 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 20:02 <DIR> d-------- C:\TEMP\podvazek
2007-09-03 22:03 1,056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-03 19:41 <DIR> d-------- C:\Program Files\legis
2007-08-30 15:35 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-08-26 21:07 <DIR> d-------- C:\TEMP\billboard
2007-08-21 17:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-21 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-08-21 17:30 <DIR> d-------- C:\Program Files\ffdshow
2007-08-21 17:29 <DIR> d-------- C:\Program Files\AC3Filter
2007-08-21 16:35 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2007-08-21 16:34 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2007-08-21 16:34 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2007-08-21 16:34 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2007-08-21 16:34 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2007-08-21 16:34 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2007-08-21 16:34 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2007-08-21 16:34 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2007-08-21 16:34 <DIR> d-------- C:\Program Files\Canopus
2007-08-19 12:37 <DIR> d-------- C:\Program Files\MainConcept
2007-08-18 13:39 <DIR> d-------- C:\Program Files\Mv2Player
2007-08-18 03:40 <DIR> d-------- C:\Program Files\TrayMessMags
2007-08-18 03:39 <DIR> d-------- C:\Program Files\3wPlayer
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 18:58 --------- d-------- C:\Program Files\Crystal Software
2007-07-30 20:48 --------- d-------- C:\Program Files\Skype
2007-07-30 20:48 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\WUPS2.DLL
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 11:55 --------- d-------- C:\Program Files\MagicISO
2007-07-28 11:55 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-28 11:55 --------- d-------- C:\Program Files\AML Products
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 1055232 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1033728 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-09-05 10:52 2893952 --a------ C:\Program Files\PPView97.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-15 23:18]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 11:08]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 07:29]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 19:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-12 18:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 Angelnt;Angelnt;C:\WINDOWS\system32\Drivers\ANGELNT.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
"2007-09-07 08:14:02 C:\WINDOWS\Tasks\WebReg 20050616101430.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 14:25:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-07 14:26:20
C:\ComboFix2.txt ... 2007-09-06 21:52
C:\ComboFix-quarantined-files.txt ... 2007-09-07 14:26
C:\ComboFix3.txt ... 2007-09-06 19:39
--- E O F ---
-------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:46:55, on 7.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WinProxy\WinProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\vir\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe
You have a Lop infection there.
Use LopFind and paste its log here - http://www.viry.cz/forum/viewtopic.php?t=34528
LopFind v3 © Čas: 15:10:45,82 Datum: p 07.09.2007
******************************************
1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\Documents and Settings\All Users\DATAAP~1
29.08.2007 19:15 <DIR> Grisoft
29.08.2007 16:38 <DIR> Avg7
31.05.2007 20:20 <DIR> NVIDIA
17.04.2007 21:53 <DIR> TEMP
07.04.2007 19:31 <DIR> Office Genuine Advantage
17.08.2006 08:14 <DIR> SmartSound Software Inc
08.08.2006 21:07 <DIR> nView_Profiles
18.07.2006 20:24 <DIR> InstallShield
15.07.2006 21:50 <DIR> Pinnacle Studio
15.07.2006 21:37 <DIR> Adobe
07.06.2006 19:23 <DIR> Adobe Systems
30.05.2006 21:08 <DIR> Pinnacle
25.04.2006 21:17 1359 QTSBandwidthCache
15.01.2006 10:06 <DIR> Windows Genuine Advantage
12.12.2005 17:55 <DIR> Apple Computer
12.10.2005 19:58 <DIR> QuickTime
05.10.2005 10:41 <DIR> discreet
02.10.2005 20:30 <DIR> Skype
25.02.2004 08:26 <DIR> MSN6
08.03.2003 19:23 <DIR> ConMet
25.02.2003 09:42 62 desktop.ini
25.02.2003 09:41 <DIR> Microsoft
25.02.2003 09:41 <DIR> .
25.02.2003 09:41 <DIR> ..
2 souborů, 1421 bajtů
Adresářů: 22, Volných bajtů: 1476067328
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\Documents and Settings\Administrator\DATAAP~1
29.08.2007 19:15 <DIR> AVG7
18.08.2007 03:40 <DIR> TrayMessMags
06.05.2007 19:04 <DIR> DVD Flick
24.03.2007 17:33 <DIR> .RTS
08.02.2007 19:47 <DIR> uTorrent
16.11.2006 08:58 <DIR> ICQ Toolbar
12.10.2006 21:40 <DIR> ICQLite
04.10.2006 18:41 <DIR> Sun
01.10.2006 20:47 <DIR> RapidGet
05.09.2006 21:13 <DIR> MCMPEGEnc
02.08.2006 18:43 <DIR> mirage
07.06.2006 19:24 <DIR> Opera
29.03.2006 20:26 <DIR> VoipDiscount
29.01.2006 11:18 <DIR> VoipStunt
25.12.2005 16:35 <DIR> Canopus
12.12.2005 18:01 <DIR> Apple Computer
08.12.2005 20:49 <DIR> VoipBuster
27.10.2005 22:34 <DIR> CÍGLER SOFTWARE, a.s
27.10.2005 22:34 <DIR> 1.0.0.0
14.10.2005 19:44 <DIR> SpamPal
05.10.2005 10:41 <DIR> combustion3
02.10.2005 20:30 <DIR> Skype
02.10.2005 13:30 <DIR> teamspeak2
03.08.2005 14:04 <DIR> IrfanView
16.06.2005 21:35 <DIR> Hewlett-Packard
16.06.2005 20:56 <DIR> Složka odesílání Share-to-Web
31.05.2005 10:48 <DIR> XnView
25.02.2004 08:26 <DIR> MSN6
03.04.2003 09:12 63320 GDIPFONTCACHEV1.DAT
08.03.2003 19:23 <DIR> Help
08.03.2003 19:23 <DIR> ConMet
27.02.2003 14:34 <DIR> Macromedia
25.02.2003 09:55 <DIR> Identities
25.02.2003 09:54 <DIR> Adobe
25.02.2003 09:54 <DIR> InterTrust
25.02.2003 09:54 62 desktop.ini
25.02.2003 09:54 <DIR> ..
25.02.2003 09:54 <DIR> .
25.02.2003 09:54 <DIR> Microsoft
2 souborů, 63382 bajtů
Adresářů: 37, Volných bajtů: 1476067328
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\Documents and Settings\Default User\DATAAP~1
25.02.2003 09:42 62 desktop.ini
25.02.2003 09:41 <DIR> Microsoft
25.02.2003 09:41 <DIR> ..
25.02.2003 09:41 <DIR> .
1 souborů, 62 bajtů
Adresářů: 3, Volných bajtů: 1476067328
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\Documents and Settings\NetworkService\DATAAP~1
25.02.2003 09:53 <DIR> ..
25.02.2003 09:53 <DIR> Microsoft
25.02.2003 09:53 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 1476067328
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\Documents and Settings\LocalService\DATAAP~1
29.08.2007 19:15 <DIR> AVG7
25.02.2003 09:53 <DIR> Microsoft
25.02.2003 09:53 <DIR> ..
25.02.2003 09:53 <DIR> .
0 souborů, 0 bajtů
Adresářů: 4, Volných bajtů: 1476067328
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\Documents and Settings\Administrator\Application Data
11.01.2007 20:18 <DIR> Microsoft
11.01.2007 20:18 <DIR> ..
11.01.2007 20:18 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 1476067328
******************************************
2) Vyhledávání a odstranění podezřelých .job souborů:
a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\WINDOWS\Tasks
28.08.2007 22:15 6 SA.DAT
16.06.2005 10:14 402 WebReg 20050616101430.job
25.02.2003 09:47 <DIR> ..
25.02.2003 09:47 <DIR> .
01.01.1980 00:00 65 desktop.ini
3 souborů, 473 bajtů
Adresářů: 2, Volných bajtů: 1 476 067 328
––––––––––––––––––––––––––––––––––––––––––
b) Zjišťování vlastností přítomných .job souborů:
––––––––––––––––––––––––––––––––––––––––––
c) Nalezené a odstraněné nežádoucí soubory:
––––––––––––––––––––––––––––––––––––––––––
d) Soubory přítomné v adresáři po vymazání:
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1226-14F1.
Výpis adresáře C:\WINDOWS\Tasks
28.08.2007 22:15 6 SA.DAT
16.06.2005 10:14 402 WebReg 20050616101430.job
25.02.2003 09:47 <DIR> ..
25.02.2003 09:47 <DIR> .
01.01.1980 00:00 65 desktop.ini
3 souborů, 473 bajtů
Adresářů: 2, Volných bajtů: 1 476 067 328
******************************************
3) Vyhledávání podvodných programů ve složce Program Files:
Adresář C:\Program Files\3wPlayer Přítomen !
fredik, Security team member (Master Level 7, Posts: 4680, Registered: July 06):
Look in Add or Remove Programs and uninstall it if it is there:
3wPlayer
Use Avenger again with this script, marked in bold:
Folders to delete:
C:\Documents and Settings\Administrator\DATAAP~1\TrayMessMags
C:\Program Files\3wPlayer
C:\Program Files\TrayMessMags
Then paste its log here.
To be safe, also run this over the PC and paste its log here if it finds anything:
Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
After the update completes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button
The scan will run; when it finishes it lists everything it found.
Make sure all items are checked and then click the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date and press the button: View Log...
A window with the log will open; copy its contents here.