Problems with viruses :-( I'm in it again :-( Please help.

Viruses and antivirus, PC security - firewall, spyware, etc.

solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Problems with viruses :-( I'm in it again :-( Please help.

Post by solda1 »

Hi everyone, I have another problem; one day this will put me in the grave, the nerves it costs me...

I turn on the computer and after about 20 minutes a small dialog appears saying the system will shut down in 1 minute and that the shutdown was initiated by NT AUTHORITY/SYSTEM. Does anyone know what this is supposed to be this time? These damn viruses and all the rest will get me carted off one day. Thanks for any advice :evil: :( :( :( :x :?
Last edited by solda1 on Fri 15 Aug 2008, 09:24, edited 1 time in total.
Dzin
Moderator
Registered: 04 Mar 2004
Location: Latitude 48.76° Longitude 14.03°

Re: Hard shutdown

Post by Dzin »

solda1 wrote: Hi everyone, I have another problem; one day this will put me in the grave, the nerves it costs me...

I turn on the computer and after about 20 minutes a small dialog appears saying the system will shut down in 1 minute and that the shutdown was initiated by NT AUTHORITY/SYSTEM. Does anyone know what this is supposed to be this time? These damn viruses and all the rest will get me carted off one day. Thanks for any advice :evil: :( :( :( :x :?
Run an antivirus scan and Ad-Aware over it, and post a HijackThis log.
Asus X555L. Don't contact me by PM about PC problems, that's what our forum is for ;-)
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

I'm running Spyware Terminator over it now; I didn't even finish it the first time, it showed up again, and after restarting the PC this appeared:

http://img255.imageshack.us/my.php?image=beznzvukk9.jpg

Now I'm running Spyware Terminator again and it shows something critical, then I'll run Avast over it too... and then I'll post the log. These viruses are a real pain, it's unbelievable what bad luck I have with this :( :( :( :(
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

Thanks a lot in advance for the help


Logfile of HijackThis v1.99.1
Scan saved at 17:09:27, on 4.2.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Games\Steam\Steam.exe -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DD93D2-FB60-41E3-83C9-6658F4241DAF}: NameServer = 62.240.178.250,10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05DD93D2-FB60-41E3-83C9-6658F4241DAF}: NameServer = 62.240.178.250,10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05DD93D2-FB60-41E3-83C9-6658F4241DAF}: NameServer = 62.240.178.250,10.0.0.1
O18 - Protocol: bw+0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
:(
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Stay calm. I don't see SP2, the latest updates or a firewall. Run ComboFix over the computer in Safe Mode:
download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms appears; press the 1 key to continue

go and make yourself a coffee in the meantime (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); follow the on-screen instructions and do not try to launch any other application or do anything else during the scan

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use Spyware Terminator, switch its resident shield to Install Mode or disable it completely for the duration of the scan, because ComboFix tries to delete infected files during the scan and Spyware Terminator may block that


after the restart the application creates a log, saved as C:/Combofix.txt (on repeated runs the logs are named Combofix2.txt etc.); paste its contents here
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

ComboFix 08-02.03.1 - Administrator 2008-02-04 20:41:47.1 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.853 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-04 20:28 . 2008-02-04 20:30 60,928 --ah----- C:\WINDOWS\system32\vcdb.exe
2008-02-04 20:13 . 2008-02-04 20:13 19,711 --a------ C:\WINDOWS\system32\kxqzzrtg.exe
2008-02-04 20:13 . 2008-02-04 20:13 7,680 --a------ C:\WINDOWS\system32\ibfg.exe
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 19:36 . 2008-02-04 19:45 57,159 --ah----- C:\WINDOWS\system32\ymgrkaye.exe
2008-02-04 18:47 . 2008-02-04 18:47 19,711 --a------ C:\WINDOWS\system32\ambckvpm.exe
2008-02-04 18:47 . 2008-02-04 18:47 7,680 --a------ C:\WINDOWS\system32\navfmqi.exe
2008-02-04 18:27 . 2008-02-04 18:28 <DIR> d-------- C:\Downloads
2008-02-04 18:27 . 2008-02-04 18:27 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 17:54 . 2008-02-04 17:54 <DIR> d-------- C:\Program Files\QIP
2008-02-04 16:32 . 2008-02-04 16:32 19,711 --a------ C:\WINDOWS\system32\nqpfvdol.exe
2008-02-04 16:32 . 2008-02-04 16:32 7,680 --a------ C:\WINDOWS\system32\unnoatb.exe
2008-02-04 16:09 . 2008-02-04 16:11 21,048 --ah----- C:\WINDOWS\system32\ypmw.exe
2008-02-04 16:04 . 2008-02-04 16:04 19,711 --a------ C:\WINDOWS\system32\xdjxlv.exe
2008-02-04 16:04 . 2008-02-04 16:04 7,680 --a------ C:\WINDOWS\system32\awlrqijb.exe
2008-02-04 15:55 . 2008-02-04 15:59 24,820 --ah----- C:\WINDOWS\system32\iloehhb.exe
2008-02-04 15:47 . 2008-02-04 15:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-04 15:44 . 2008-02-04 15:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-04 15:44 . 2008-02-04 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-04 15:43 . 2008-02-04 18:25 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-04 15:36 . 2008-02-04 15:36 19,711 --a------ C:\WINDOWS\system32\mutkmsnh.exe
2008-02-04 15:36 . 2008-02-04 15:36 7,680 --a------ C:\WINDOWS\system32\ssfdewux.exe
2008-02-04 15:21 . 2008-02-04 15:21 <DIR> d-------- C:\Program Files\Lavalys
2008-02-04 15:12 . 2008-02-04 20:11 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Program Files\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:09 . 2008-02-04 15:09 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-04 15:08 . 2008-02-04 15:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-04 15:07 . 2008-02-04 15:07 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-02-04 15:06 . 2008-02-04 15:06 <DIR> d-------- C:\Program Files\Webteh
2008-02-04 15:05 . 2008-02-04 15:05 <DIR> d-------- C:\Program Files\Opera
2008-02-04 15:02 . 2008-02-04 15:02 19,711 --a------ C:\WINDOWS\system32\rosd.exe
2008-02-04 15:02 . 2008-02-04 15:02 7,680 --a------ C:\WINDOWS\system32\ftgggtek.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:49 7,680 ----a-w C:\WINDOWS\system32\qcovfxk.exe
2008-02-04 13:49 19,711 ----a-w C:\WINDOWS\system32\xifztmu.exe
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:45 7,680 ----a-w C:\WINDOWS\system32\ikoqduo.exe
2008-02-04 13:45 19,711 ----a-w C:\WINDOWS\system32\mopidace.exe
2008-02-04 13:35 --------- d-----w C:\Program Files\ESET
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:25 7,680 ----a-w C:\WINDOWS\system32\tiinwf.exe
2008-02-04 13:16 7,680 ----a-w C:\WINDOWS\system32\xewgqgw.exe
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:08 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 13:02 7,680 ----a-w C:\WINDOWS\system32\mwzun.exe
2008-02-04 13:02 19,711 ----a-w C:\WINDOWS\system32\bapvtd.exe
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"Steam"="C:\Games\Steam\Steam.exe" [2008-02-04 14:21 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" [2002-09-20 18:05 82882]
"Advanced DHTML Enable"="C:\WINDOWS\System32\kxqzzrtg.exe" [2008-02-04 20:13 19711]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]

S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 20:42:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-04 20:43:22
ComboFix-quarantined-files.txt 2008-02-04 19:43:15
:shock:
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Mám

Post by BUBINO »

There is quite a lot in there. I'll write up the instructions right away.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Mám

Post by BUBINO »

Download Avenger: http://www.viry.cz/forum/viewtopic.php?t=19832
Get to its window and paste this whole text into it:

Files to delete:
C:\WINDOWS\system32\ibfg.exe
C:\WINDOWS\system32\kxqzzrtg.exe
C:\WINDOWS\system32\ymgrkaye.exe
C:\WINDOWS\system32\ambckvpm.exe
C:\WINDOWS\system32\navfmqi.exe
C:\WINDOWS\system32\nqpfvdol.exe
C:\WINDOWS\system32\unnoatb.exe
C:\WINDOWS\system32\ypmw.exe
C:\WINDOWS\system32\xdjxlv.exe
C:\WINDOWS\system32\awlrqijb.exe
C:\WINDOWS\system32\iloehhb.exe
C:\WINDOWS\system32\mutkmsnh.exe
C:\WINDOWS\system32\ssfdewux.exe
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\system32\ftgggtek.exe
C:\WINDOWS\system32\qcovfxk.exe
C:\WINDOWS\system32\xifztmu.exe
C:\WINDOWS\system32\ikoqduo.exe
C:\WINDOWS\system32\mopidace.exe
C:\WINDOWS\system32\tiinwf.exe
C:\WINDOWS\system32\xewgqgw.exe
C:\WINDOWS\system32\mwzun.exe
C:\WINDOWS\system32\bapvtd.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Advanced DHTML Enable
Done >> traffic light >> OK
After the restart, paste the log that comes up here. It is also saved in c:\avenger.txt

Test these on virustotal.com:
C:\WINDOWS\system32\rosd.exe
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
C:\WINDOWS\HideWin.exe
C:\WINDOWS\gdrv.sys
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hymxibyx

*******************

Script file located at: \??\C:\Program Files\opfqtxae.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************


Beginning to process script file:

File C:\WINDOWS\system32\ibfg.exe deleted successfully.
File C:\WINDOWS\system32\kxqzzrtg.exe deleted successfully.
File C:\WINDOWS\system32\ymgrkaye.exe deleted successfully.
File C:\WINDOWS\system32\ambckvpm.exe deleted successfully.
File C:\WINDOWS\system32\navfmqi.exe deleted successfully.
File C:\WINDOWS\system32\nqpfvdol.exe deleted successfully.
File C:\WINDOWS\system32\unnoatb.exe deleted successfully.
File C:\WINDOWS\system32\ypmw.exe deleted successfully.
File C:\WINDOWS\system32\xdjxlv.exe deleted successfully.
File C:\WINDOWS\system32\awlrqijb.exe deleted successfully.
File C:\WINDOWS\system32\iloehhb.exe deleted successfully.
File C:\WINDOWS\system32\mutkmsnh.exe deleted successfully.
File C:\WINDOWS\system32\ssfdewux.exe deleted successfully.
File C:\WINDOWS\WMSysPr9.prx deleted successfully.
File C:\WINDOWS\system32\ftgggtek.exe deleted successfully.
File C:\WINDOWS\system32\qcovfxk.exe deleted successfully.
File C:\WINDOWS\system32\xifztmu.exe deleted successfully.
File C:\WINDOWS\system32\ikoqduo.exe deleted successfully.
File C:\WINDOWS\system32\mopidace.exe deleted successfully.
File C:\WINDOWS\system32\tiinwf.exe deleted successfully.
File C:\WINDOWS\system32\xewgqgw.exe deleted successfully.
File C:\WINDOWS\system32\mwzun.exe deleted successfully.
File C:\WINDOWS\system32\bapvtd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Advanced DHTML Enable deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

and on virustotal.com I don't know what I'm supposed to copy out for you.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Mám

Post by BUBINO »

Upload it to virustotal.com and then wait for the scan. If the file is infected, there will be red values on the right-hand side. Copy all of that here. Post a new ComboFix log here.

Please, could you RAR the folder c:\avenger, password-protect it and send it to bubu1@centrum.sk? I'd be very grateful. Thanks.
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

This one:
Antivirus    Version       Last update   Result
AhnLab-V3    2008.2.5.10   2008.02.04    Win-Trojan/Agent.19711
AntiVir      7.6.0.62      2008.02.04    TR/Crypt.XPACK.Gen
Authentium   4.93.8        2008.02.04    Possibly a new variant of W32/CrazyCrunch-based!Maximus
Avast        4.7.1098.0    2008.02.04    -
AVG          7.5.0.516     2008.02.04    Proxy.XNR
(But it's still being scanned, should I let it finish or is this enough?)

These are OK

C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
C:\WINDOWS\HideWin.exe
C:\WINDOWS\gdrv.sys

Should I run combo again, or what do you mean?
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Mám

Post by BUBINO »

The first one is junk. Into Avenger:
Files to delete:
C:\WINDOWS\system32\rosd.exe
Then make a new ComboFix log.
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

I'm a total nervous wreck, what is this supposed to be now.... just as I'm posting the photos that totally f***ing c*** pops up again saying it will shut down within a minute, this can't be happening :x :x

Here are the photos, it's not working...

http://img230.imageshack.us/my.php?imag ... 777rg4.jpg

http://img166.imageshack.us/my.php?imag ... 874zm5.jpg

http://img248.imageshack.us/my.php?imag ... 323jn2.jpg

The nerves I have, I have only because of these f***ing viruses; if I had spare money I'd buy so many spyware tools and AVG that I'd pay even a million for it, it's not worth the nerves, so what to do about it? Today I reinstalled Windows and it's been pissing me off since morning and I'm slowly heading for a heart attack, I've been messing with it since morning... and I've had enough :x
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Mám

Post by BUBINO »

No worries, stay calm. Make a new ComboFix log and post it here. Make it in Safe Mode. Then also make a log from IceSword.
Download the IceSword 1.22 application -> http://download.sosej.cz/programy3/IceSword122en.zip
In IceSword, make logs from:
Process (if IceSword shows a process in red, point it out to the advisers in the log)
Kernel Module
The IceSword guide is here: http://www.viry.cz/forum/viewtopic.php?t=11394

All logs need to be pasted into the post; the advisers will have to decipher them.
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

then it worked.... and then I ran combo, but not in Safe Mode.. and that bastard saying it'll shut down in a minute didn't come up, combo deleted it, it just disappeared..... here's the log

ComboFix 08-02.03.1 - Administrator 2008-02-04 22:21:46.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.652 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msv.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 21:24 . 2008-02-04 21:24 60 --a------ C:\WINDOWS\system32\o
2008-02-04 20:45 . 2008-02-04 20:45 19,711 --a------ C:\WINDOWS\system32\dnncbxya.exe
2008-02-04 20:45 . 2008-02-04 20:45 7,680 --a------ C:\WINDOWS\system32\bpjukd.exe
2008-02-04 20:28 . 2008-02-04 20:30 60,928 --ah----- C:\WINDOWS\system32\vcdb.exe
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 18:27 . 2008-02-04 18:28 <DIR> d-------- C:\Downloads
2008-02-04 18:27 . 2008-02-04 18:27 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 17:54 . 2008-02-04 17:54 <DIR> d-------- C:\Program Files\QIP
2008-02-04 15:47 . 2008-02-04 15:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-04 15:44 . 2008-02-04 15:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-04 15:44 . 2008-02-04 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-04 15:43 . 2008-02-04 22:20 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-04 15:21 . 2008-02-04 15:21 <DIR> d-------- C:\Program Files\Lavalys
2008-02-04 15:12 . 2008-02-04 20:11 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Program Files\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:09 . 2008-02-04 15:09 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-04 15:08 . 2008-02-04 15:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-04 15:06 . 2008-02-04 15:06 <DIR> d-------- C:\Program Files\Webteh
2008-02-04 15:05 . 2008-02-04 15:05 <DIR> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Program Files\ESET
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"Steam"="C:\Games\Steam\Steam.exe" [2008-02-04 14:21 1266936]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:22:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-04 22:22:35
ComboFix-quarantined-files.txt 2008-02-04 21:22:34
ComboFix2.txt 2008-02-04 19:43:23
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

BUBINO, I can see you're really putting a lot of effort into me here.... You could be doing anything else.... Thanks a lot, I appreciate it; how old are you and where are you from? :wink: Oh, and do I still need to do something or is it OK now?
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

avast keeps reporting some viruses in Windows, so I always have them deleted, but I'd say it's still in there; the good thing is it no longer throws that bastard hard shutdown in one minute at me, at least something good. :)
solda1
Beginner
Registered: 15 Apr 2007
Location: Hodonín

Post by solda1 »

it's f***ed, I'm playing a game and that c*** tells me it'll shut down again in a minute..... it's totally f***ed, I'm thinking of selling the computer and to hell with it, these viruses are totally pissing me off and after the damn restart this again

http://img255.imageshack.us/my.php?image=beznzvukk9.jpg

:x :x :x :x :x :x :x
michalpuk
Beginner
Registered: 4 Mar 2006
Location: Ostrava

Post by michalpuk »

temporary solution: when that box pops up, go to Start, Run, and type shutdown -a
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Mám

Post by BUBINO »

There are still viruses in there, but why are you losing your nerve? We'll sort it out. If there's a problem in normal mode, then be in Safe Mode.

Copy this into Avenger:
Files to delete:
C:\WINDOWS\system32\o
C:\WINDOWS\system32\dnncbxya.exe
C:\WINDOWS\system32\bpjukd.exe
C:\WINDOWS\system32\vcdb.exe
C:\WINDOWS\System32\algs.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Application Layer Gateway Service
After the restart, post the log here. Make a log from IceSword:
Download the IceSword 1.22 application -> http://download.sosej.cz/programy3/IceSword122en.zip
In IceSword, make logs from:
Process (if IceSword shows a process in red, point it out to the advisers in the log)
Kernel Module
The IceSword guide is here: http://www.viry.cz/forum/viewtopic.php?t=11394

All logs need to be pasted into the post; the advisers will have to decipher them.

By the way, about what you asked, why I'm helping: it's my job and I enjoy it. :-) Brutally. :-)
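The two Run-key entries the advisers picked out of the ComboFix logs above ("Advanced DHTML Enable" running a random-named kxqzzrtg.exe, and "Application Layer Gateway Service" running algs.exe, a near-miss of the genuine alg.exe) can be spotted mechanically. The script below is an added example, not ComboFix's or The Avenger's own code: it parses the "Reg Loading Points" format shown in this thread and applies three assumed heuristics (impersonated service name, random-looking basename in System32, missing file metadata) over a constructed copy of the HKLM Run section; the allow-list is likewise an assumption for this one machine.

```python
"""Triage the Run-key entries of a ComboFix "Reg Loading Points" section.
Added example, not ComboFix's or The Avenger's code; the allow-list and
heuristics are assumptions, the sample lines are constructed from this thread."""
import re

# Constructed sample: the HKLM Run section as the logs above print it, with
# algs.exe shown the way the second log printed it (no file metadata).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" [ ]
"Advanced DHTML Enable"="C:\WINDOWS\System32\kxqzzrtg.exe" [2008-02-04 20:13 19711]
"""
# Assumed allow-list of basenames this thread treats as legitimate.
KNOWN_GOOD = {"ctfmon.exe", "rthdcpl.exe", "khalmnpr.exe", "ashdisp.exe",
              "clistart.exe", "spywareterminatorshield.exe", "steam.exe"}
# alg.exe is the genuine Application Layer Gateway binary; it runs as a
# service, so a Run value carrying that name is itself suspicious.
IMPERSONATED = {"application layer gateway service": "alg.exe"}
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')

def looks_random(stem):
    """True for names with almost no vowels or a 5-consonant run (kxqzzrtg)."""
    s = re.sub(r"[^a-z]", "", stem.lower())
    if len(s) < 5:
        return False
    vowels = sum(c in "aeiouy" for c in s)
    return vowels / len(s) < 0.25 or re.search(r"[^aeiouy]{5}", s) is not None

def parse_run_entries(log_text):
    """Yield (name, path, meta) for each value under a key ending in \\Run."""
    in_run_key = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY"):
            in_run_key = line.rstrip("]").lower().endswith("\\run")
        elif in_run_key and (m := ENTRY_RE.match(line)):
            yield m["name"], m["path"], m["meta"].strip()

def assess(name, path, meta):
    """Reasons to distrust one Run entry; an empty list means it looks fine."""
    base = path.rsplit("\\", 1)[-1].lower()
    if base in KNOWN_GOOD:
        return []
    reasons = []
    expected = IMPERSONATED.get(name.lower())
    if expected and base != expected:
        reasons.append(f"named after the {expected} service but runs {base}")
    if "\\system32\\" in path.lower() and looks_random(base.rsplit(".", 1)[0]):
        reasons.append("random-looking executable name dropped in System32")
    if not meta:
        reasons.append("ComboFix printed no timestamp/size for the target")
    return reasons

def triage(log_text):
    """Flagged entries as (name, path, reasons), in log order."""
    return [(n, p, r) for n, p, m in parse_run_entries(log_text)
            if (r := assess(n, p, m))]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f'"{name}" -> {path}: ' + "; ".join(reasons))
```

Run against the sample, it flags exactly algs.exe (two reasons) and kxqzzrtg.exe (one reason) and passes every allow-listed entry; on a real log the allow-list must be built from known-good hashes, not names alone.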