Please HELP!!!

BUBINO · Příspěvek od **BUBINO** » pát 8. úno 2008, 15:18

Este ho tam mame hajzla jedneho.

Toto v programe fixni:
O4 - HKLM\..\Run: [cssrs] c:\windows\cssrs.exe
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Nikola\LOCALS~1\Temp\svchost.exe
O4 - HKLM\..\Run: [Dynamic System Bios] MSLOG.exe
O4 - HKLM\..\RunServices: [Dynamic System Bios] MSLOG.exe
O4 - HKCU\..\Run: [Dynamic System Bios] MSLOG.exe
O4 - HKLM\..\Run: [6c5ac73c] rundll32.exe "C:\WINDOWS\system32\socwweia.dll",b
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Otvor program HijackThis a v nom najdi tieto veci, co som ti napisal.Na lavej strane su okienka.Tie odklikni a nasledne klikni dole na tlacitko FIX Checked .

Stiahni si avenger :
http://www.viry.cz/forum/viewtopic.php?t=19832

Podla navodu sa dopracuj k tomu okne a do neho skopiruj toto dole :

Files to delete:
C:\WINDOWS\system32\MSLOG.exe
C:\windows\cssrs.exe
C:\WINDOWS\system32\socwweia.dll
C:\DOCUME~1\Nikola\LOCALS~1\Temp\svchost.exe

DONE >> SEMAFOR >> OK
Pocitac sa restartuje a po restarte naskoci log. Ten daj sem.
Urob novy log z Hjackthisu.

Nova.Niky · Příspěvek od **Nova.Niky** » pát 8. úno 2008, 17:51

Logfile of HijackThis v1.99.1
Scan saved at 17:49:52, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\eMule\emule.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

BUBINO · Příspěvek od **BUBINO** » pát 8. úno 2008, 18:37

Je to ok. Na zaver urob posledne preverenie pmocou combofixu a je to ok:

stahnete a ulozte na plochu [http://download.bleepingcomputer.com/sUBs/ComboFix.exe]ComboFix[/url]

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, stisknete klavesu 1 pro pokracovani

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), postupujte dle pokynu na obrazovce, behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate Spyware Terminator, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze se pri skenu Combofix pokousi infikovane soubory smazat a Spyware Terminator tomu muze branit

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Nova.Niky · Příspěvek od **Nova.Niky** » pát 8. úno 2008, 19:01

ComboFix 08-02.05.3 - Owner 2008-02-08 18:42:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.642 [GMT 1:00]
Running from: C:\Documents and Settings\Owner\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 16:30 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\Logitech
2008-02-08 16:30 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\Logitech
2008-02-08 16:30 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\Logitech
2008-02-08 16:29 --------- d-----w C:\Program Files\Creative
2008-02-08 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 16:27 --------- d-----w C:\Program Files\Realtek AC97
2008-02-08 16:21 --------- d-----w C:\Program Files\Logitech
2008-02-08 16:21 --------- d-----w C:\Program Files\CyberLink
2008-02-08 16:21 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Logitech
2008-02-08 16:19 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-08 16:16 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ATI
2008-02-08 16:16 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ATI
2008-02-08 16:16 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ATI
2008-02-08 16:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-08 16:13 --------- d-----w C:\Program Files\ATI Technologies
2008-02-08 16:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 16:05 --------- d--h--w C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2008-02-08 15:58 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ScanSoft
2008-02-08 15:58 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ScanSoft
2008-02-08 15:58 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ScanSoft
2008-02-08 15:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SSScanWizard
2008-02-08 15:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SSScanAppDataDir
2008-02-08 15:57 --------- d-----w C:\Program Files\ScanSoft
2008-02-08 15:57 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-02-08 15:56 --------- d-----w C:\Program Files\ArcSoft
2008-02-08 15:55 --------- d-----w C:\Program Files\Canon
2008-02-08 15:51 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\Lavasoft
2008-02-08 15:51 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\Lavasoft
2008-02-08 15:51 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\Lavasoft
2008-02-08 15:49 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ESET
2008-02-08 15:49 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ESET
2008-02-08 15:49 --------- d-----w C:\Documents and Settings\Owner\Data aplikací\ESET
2008-02-08 15:47 --------- d-----w C:\Program Files\ESET
2008-02-08 15:47 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-08 15:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-21 07:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 12:31 29696 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 08:00 81920 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-02-08 17:19:37 581632]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 13:00]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [2005-04-21 12:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14de4b8d-d65d-11dc-b98a-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 18:43:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2008-02-08 18:43:41

BUBINO · Příspěvek od **BUBINO** » pát 8. úno 2008, 20:20

Ako sa sprava pocitac?

Nova.Niky · Příspěvek od **Nova.Niky** » pát 8. úno 2008, 20:28

ted už celkem normálně...já sem znova přeinstalovala windows jsem to měla asi zavirovaný takže ted už je normální...a doufám že dlouho bude

BUBINO · Příspěvek od **BUBINO** » pát 8. úno 2008, 20:32

To dufam aj ja.

Nova.Niky · Příspěvek od **Nova.Niky** » pát 8. úno 2008, 20:34

Dík moc za pomoc...kdyby nebylo teba asi bychs e z toho zbláznila:-D

BUBINO · Příspěvek od **BUBINO** » pát 8. úno 2008, 20:35

Nemas zac.