My PC keeps getting stuck and freezing; after a few seconds it gets going again and then freezes again....
Could you please check my LOG
Logfile of HijackThis v1.99.1
Scan saved at 12:45:11, on 6.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\ATKKBService.exe
D:\WINDOWS\system32\drivers\KodakCCS.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\qwerty12.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\program files\powerstrip\pstrip.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SpyCatcher\Protector.exe
E:\Program Files\SpyCatcher\Scheduler daemon.exe
E:\Program Files\ICQLite\ICQLite.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - E:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {7071782f-d25c-4c16-8d6f-5381e226eb82} - D:\WINDOWS\system32\dumilt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - D:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\tmp75.tmp.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] e:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] E:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "D:\WINDOWS\khihii.dll",forkonce
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = E:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: dumilt - D:\WINDOWS\SYSTEM32\dumilt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\qwerty12.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Please check the log
- Walker
- Beginner
- Registered: 16 Dec 2004
- Location: Prague
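As an added example that is not part of this thread, the Python below triages a HijackThis log with the same reasoning the helpers apply here: BHOs registered without a name or loaded from the Windows directory, Run entries that use rundll32 to load a DLL from the Windows root, AppInit_DLLs and Winlogon Notify hooks, and services of unknown owner running from system32. The sample lines are copied from the log above; the rules and severities are my own heuristics, not anything HijackThis itself reports.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: ten lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7071782f-d25c-4c16-8d6f-5381e226eb82} - D:\WINDOWS\system32\dumilt.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - D:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\tmp75.tmp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "D:\WINDOWS\khihii.dll",forkonce
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: dumilt - D:\WINDOWS\SYSTEM32\dumilt.dll
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\qwerty12.exe
"""

HJT_LINE = re.compile(r"^(?P<code>[OR]\d+) - (?P<rest>.*)$")
# First absolute path on the line, ending at the file extension; this copes with quoted
# and comma-suffixed rundll32 arguments such as "D:\WINDOWS\x.dll",forkonce.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\",]*?\.(?:dll|exe|sys|scr)", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^[A-Za-z]:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
WINDOWS_ROOT = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O2, O20, O23
    severity: str  # "high" = act on it, "review" = confirm the vendor first
    reason: str
    file: str      # lower-cased file name the entry points at
    line: str


def basename(path_or_name: str) -> str:
    return path_or_name.rsplit("\\", 1)[-1].strip().lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # process list, header and other lines are left alone here
        code, rest = m.group("code"), m.group("rest")
        pm = PATH_RE.search(rest)
        path = pm.group(0) if pm else ""
        # Entries without a full path (AppInit_DLLs) only carry a file name after the colon.
        file = basename(path) if path else basename(rest.split(":", 1)[-1])
        if code == "O2":
            if "(no name)" in rest:
                findings.append(Finding(code, "high", "BHO registered without a name", file, line))
            elif WINDOWS_DIR.match(path):
                findings.append(Finding(code, "high", "BHO loaded from the Windows directory", file, line))
        elif code == "O4":
            if "rundll32" in rest.lower() and WINDOWS_ROOT.match(path):
                findings.append(Finding(code, "high", "Run entry loads a DLL from the Windows root via rundll32", file, line))
        elif code == "O20":
            if rest.startswith("AppInit_DLLs"):
                findings.append(Finding(code, "review", "AppInit_DLLs entry is injected into every GUI process", file, line))
            elif rest.startswith("Winlogon Notify"):
                findings.append(Finding(code, "review", "Winlogon Notify DLL runs inside winlogon.exe", file, line))
        elif code == "O23":
            # The avast! lines with "(file missing)" are a quoting quirk of the tool and sit in
            # Program Files, so only unknown-owner services inside the Windows directory count.
            if "Unknown owner" in rest and WINDOWS_DIR.match(path):
                findings.append(Finding(code, "high", "Service of unknown owner running from the Windows directory", file, line))
    # Second pass: a "review" hook pointing at a file already flagged "high" elsewhere is
    # escalated, which is exactly how dumilt.dll (unnamed BHO + Winlogon Notify) stands out.
    high_files = {f.file for f in findings if f.severity == "high"}
    for f in findings:
        if f.severity == "review" and f.file in high_files:
            f.severity = "high"
            f.reason += " (same file also flagged in another section)"
    return findings


def files_by_severity(findings: list[Finding]) -> dict[str, set[str]]:
    out: dict[str, set[str]] = {"high": set(), "review": set()}
    for f in findings:
        out[f.severity].add(f.file)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.file:18} {f.reason}")
```

The "high" set matches what ComboFix later removed or the CFScript targeted (dumilt.dll, tmp75.tmp.dll, WebAssist.dll, khihii.dll, qwerty12.exe), while secuload.dll only lands in "review" because AppInit_DLLs is worth a look but is used by legitimate products as well.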
Ad-Aware SE also found this:
http://www.ukazto.com/?img=Adwarescan.jpg
http://www.ukazto.com/?img=AdwareScan1.jpg
- rary
- Beginner
- Registered: 20 Jun 2006
Download ComboFix, save it to your desktop and run it.
Follow the instructions; while ComboFix is running, don't click into the window that appears, because that can stop the process.
When it finishes, a log is created, so copy its contents here.
(The PC may restart if ComboFix finds infected files that need a restart to be deleted.)
You must have an administrator account for ComboFix to work.
+ install a FIREWALL.
- Walker
- Beginner
- Registered: 16 Dec 2004
- Location: Prague
so here is the log:
ComboFix 07-08-04.3 - "Honza" 2007-08-07 7:12:22.1 [GMT 2:00] - NTFS
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.True
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\DOCUME~1\Honza\DATAAP~1\tmp12E.tmp.exe
D:\DOCUME~1\Honza\DATAAP~1\tmp12F.tmp.exe
D:\DOCUME~1\Honza\DATAAP~1\tmp130.tmp.exe
D:\DOCUME~1\Honza\DATAAP~1\tmp73.tmp.exe
D:\DOCUME~1\Honza\DATAAP~1\tmp74.tmp.exe
D:\DOCUME~1\Honza\DATAAP~1\tmp75.tmp.exe
D:\DOCUME~1\Honza\DATAAP~1\tmp86.tmp.exe
D:\WINDOWS\system32\dnd4dc1834.dat
D:\WINDOWS\system32\dumilt.dll
D:\WINDOWS\system32\qwerty12.exe
D:\WINDOWS\system32\tmp130.tmp.dll
D:\WINDOWS\system32\tmp75.tmp.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\nm
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 07:11 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-08-06 23:19 131,421 --a------ D:\WINDOWS\rqrsst.dll
2007-08-05 13:48 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-08-05 13:48 94,416 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-05 13:48 92,848 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-08-05 13:48 783,224 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-08-05 13:48 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-05 13:48 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-05 13:48 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-04 07:13 13,380 --a------ D:\WINDOWS\system32\pmnljhh.dll
2007-07-31 10:10 84,992 --a------ D:\WINDOWS\WebAssist.dll
2007-07-19 10:01 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DATAAP~1\Memo save stupid creative
2007-07-19 10:01 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DATAAP~1\blue shim axis memo
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 00:04 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\Azureus
2007-08-04 22:32 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\Hamachi
2007-08-03 20:20 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\teamspeak2
2007-07-25 17:33 --------- d-------- D:\Program Files\Lexmark X1100 Series
2007-07-04 20:47 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\Tenebril
2007-06-30 08:00 108144 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2007-06-30 08:00 --------- dr-h----- D:\DOCUME~1\Honza\DATAAP~1\SecuROM
2007-06-23 14:10 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-06-23 13:34 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\Disney Interactive Studios
2007-06-12 09:05 --------- d-------- D:\Program Files\Common Files\Ahead
2007-06-10 15:50 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\DeepBurner
2007-06-10 13:38 11973 --a--c--- D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-09 09:50 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\Lavasoft
2007-06-07 19:50 --------- d-------- D:\DOCUME~1\Honza\DATAAP~1\Help
2007-06-01 20:29 73236 --a--c--- D:\WINDOWS\system32\perfc005.dat
2007-06-01 20:29 398472 --a--c--- D:\WINDOWS\system32\perfh005.dat
2007-05-07 11:42 40960 --a-s---- D:\WINDOWS\system32\ProcessKiller.dll
2007-05-07 11:39 169544 --a-s---- D:\WINDOWS\system32\SecuLoad.dll
2007-05-07 11:39 1103944 --a-s---- D:\WINDOWS\system32\Protector.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-07-31 10:10 84992 --a------ D:\WINDOWS\WebAssist.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-10-22 11:24 D:\WINDOWS\mixer.exe]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"nwiz"="nwiz.exe" [2005-12-10 04:06 D:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-12-26 01:23]
"Lexmark X1100 Series"="D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:36]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PowerStrip"="e:\program files\powerstrip\pstrip.exe" [2006-05-01 15:51]
"SpyCatcher Reminder"="E:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-05-07 11:56]
"WheelMouse"="E:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]
SpyCatcher Protector.lnk - E:\Program Files\SpyCatcher\Protector.exe [2007-07-04 20:38:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll
R0 iteraid;ITERAID_Service_Install;D:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 prohlp02;StarForce Protection Helper Driver v2;D:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;D:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;D:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);D:\WINDOWS\system32\drivers\sfsync02.sys
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;D:\WINDOWS\system32\DRIVERS\SI3112r.sys
R0 SiFilter;SATALink driver accelerator;D:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R1 Amfilter;A4Tech Mouse Filter Driver;D:\WINDOWS\system32\DRIVERS\Amfilter.sys
R1 asuskbnt;Enhanced Display Driver Helper Service;D:\WINDOWS\system32\drivers\atkkbnt.sys
R1 DcCam;Kodak Camera Proxy;D:\WINDOWS\system32\DRIVERS\DcCam.sys
R1 prodrv06;StarForce Protection Environment Driver v6;D:\WINDOWS\system32\drivers\prodrv06.sys
R2 DCFS2K;Kodak DCFS2K Driver;D:\WINDOWS\system32\drivers\dcfs2k.sys
R2 EIO;EIO;\??\D:\WINDOWS\system32\drivers\EIO.sys
R2 PStrip;PStrip;D:\WINDOWS\system32\drivers\pstrip.sys
R3 Amusbprt;A4Tech HID-compliant Mouse Driver;D:\WINDOWS\system32\DRIVERS\Amusbprt.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);D:\WINDOWS\system32\drivers\cmaudio.sys
R3 PSched;Plánovač paketů technologie QoS;D:\WINDOWS\system32\DRIVERS\psched.sys
R3 vaxscsi;vaxscsi;D:\WINDOWS\system32\Drivers\vaxscsi.sys
S1 Exportit;Exportit;D:\WINDOWS\system32\DRIVERS\exportit.sys
S3 atidgllk;atidgllk;\??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys
S3 Bridge;Most MAC;D:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;Miniport mostu MAC;D:\WINDOWS\system32\DRIVERS\bridge.sys
S3 DcFpoint;DcFpoint;D:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;D:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;D:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 k750bus;Sony Ericsson 750 driver (WDM);D:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\k750obex.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 07:17:25
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="D:\WINDOWS\cursors\arrow_r.cur,D:\WINDOWS\cursors\help_r.cur,D:\WINDOWS\cursors\wait_r.cur,D:\WINDOWS\cursors\busy_r.cur,D:\WINDOWS\cursors\cross_r.cur,D:\WINDOWS\cursors\beam_r.cur,D:\WINDOWS\cursors\pen_r.cur,D:\WINDOWS\cursors\no_r.cur,D:\WINDOWS\cursors\size4_r.cur,D:\WINDOWS\cursors\size3_r.cur,D:\WINDOWS\cursors\size2_r.cur,D:\WINDOWS\cursors\size1_r.cur,D:\WINDOWS\cursors\move_r.cur,D:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="D:\WINDOWS\cursors\arrow_rm.cur,D:\WINDOWS\cursors\help_rm.cur,D:\WINDOWS\cursors\wait_rm.cur,D:\WINDOWS\cursors\busy_rm.cur,D:\WINDOWS\cursors\cross_rm.cur,D:\WINDOWS\cursors\beam_rm.cur,D:\WINDOWS\cursors\pen_rm.cur,D:\WINDOWS\cursors\no_rm.cur,D:\WINDOWS\cursors\size4_rm.cur,D:\WINDOWS\cursors\size3_rm.cur,D:\WINDOWS\cursors\size2_rm.cur,D:\WINDOWS\cursors\size1_rm.cur,D:\WINDOWS\cursors\move_rm.cur,D:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="D:\WINDOWS\cursors\arrow_rl.cur,D:\WINDOWS\cursors\help_rl.cur,D:\WINDOWS\cursors\wait_rl.cur,D:\WINDOWS\cursors\busy_rl.cur,D:\WINDOWS\cursors\cross_rl.cur,D:\WINDOWS\cursors\beam_rl.cur,D:\WINDOWS\cursors\pen_rl.cur,D:\WINDOWS\cursors\no_rl.cur,D:\WINDOWS\cursors\size4_rl.cur,D:\WINDOWS\cursors\size3_rl.cur,D:\WINDOWS\cursors\size2_rl.cur,D:\WINDOWS\cursors\size1_rl.cur,D:\WINDOWS\cursors\move_rl.cur,D:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Essentials\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,b0,00,00,00,01,00,00,00,01,00,00,00,a4,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9B6604B-CDA4-7800-4AA4-B8BC14080B94}]
"iaecblhfgnohdljfgi"=hex:6a,61,6a,70,6c,6c,6a,64,63,67,67,65,61,6b,6a,61,65,6b,69,70,00,..
"haoggaaakhbcfnfp"=hex:6a,61,6a,70,6f,6c,6b,65,6c,65,70,64,61,70,62,63,61,61,6a,61,00,..
"haibiikeblfimojf"=hex:61,61,00,77
"haibiikeokaibdfb"=hex:61,61,00,77
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-07 7:19:52 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-08-07 07:19
--- E O F ---
BTW: this file D:\WINDOWS\system32\qwerty12.exe is a trojan horse, I know that; I always delete it and after a restart it's back again....
- rary
- Beginner
- Registered: 20 Jun 2006
For this step you need ComboFix on the desktop; you should already have it there. If you don't have it on the desktop, download it there.
1. Open Notepad via Start - Programs - Accessories and copy all of this text into it:
Code:
File::
D:\WINDOWS\rqrsst.dll
D:\WINDOWS\system32\pmnljhh.dll
D:\WINDOWS\WebAssist.dll
D:\WINDOWS\khihii.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
Folder::
D:\DOCUME~1\ALLUSE~1\DATAAP~1\Memo save stupid creative
D:\DOCUME~1\ALLUSE~1\DATAAP~1\blue shim axis memo
Then go to File -> Save As -> in the File name field type: CFScript.txt
Under Save as type, choose All files
And save it to the desktop.
2. Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix program, and when the two files overlap, drop the script
- ComboFix starts automatically
- After it starts, the terms of use are shown; confirm them by pressing the 1 key
- Follow the instructions; while ComboFix is running, don't click into the window that appears
- After the cleaning process finishes and the computer possibly restarts, the log should appear. Otherwise it is located at C:\ComboFix.txt
- Then copy its entire contents here
+ paste a new HJT log here.
But download the new version of HijackThis. Download it from here, save it into a separate folder and run it.
Instructions for the new version:
Before you download and use the new HijackThis, delete the old version.
sakiri writes:
A window will appear; at the bottom centre click the Main Menu button
Then once the menu appears, click Do a system scan and save a logfile
And wait; after a moment a Notepad window should appear with the HJT output, so copy it here.