NA PC nelze nic nainstalovat

[milosh]

Mam doma ted jedno pc na vycisteni, ale ani antivirak tam neni a kdyz se ho pokousim nahrat vzdy to jakoby vypadne a nelze tam nahrat ani zadny antispyware programy, poradite nekdo prosim zda se to da vycist z tohoto?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:18, on 9.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\windows\mgrs.exe
C:\windows\avp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2008-01-28&v=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Lexmark Panel nástroju - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\windows\avp.exe
O4 - HKLM\..\Run: [182e45d5] rundll32.exe "C:\WINDOWS\system32\epksybfs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran2002i\e11.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran2002i\e11.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/ ... IV4_XP.cab
O16 - DPF: {17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845} - http://scripts.downloadv3.com/binaries/ ... IV4_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egacce ... 059_XP.cab
O16 - DPF: {E19AB99F-AEC4-4B40-A5CA-F69D22522D77} - http://scripts.downloadv3.com/binaries/ ... IV4_XP.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\guyqsqfv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8456 bytes

[Geeker]

Zkus na tom pod ucetm admina a v nouzovem rezimu pustit combofix. Je to automaticky cistic. Pro jistotu si ale udelej bod obnoveni nebo zalohu.

[BUBINO]

Caf.
Toto v programe fixni:

O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\windows\avp.exe
O4 - HKLM\..\Run: [182e45d5] rundll32.exe "C:\WINDOWS\system32\epksybfs.dll",b
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/ ... IV4_XP.cab
O16 - DPF: {17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845} - http://scripts.downloadv3.com/binaries/ ... IV4_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egacce ... 059_XP.cab
O16 - DPF: {E19AB99F-AEC4-4B40-A5CA-F69D22522D77} - http://scripts.downloadv3.com/binaries/ ... IV4_XP.cab

Start >> soustit >> napis services.msc a v zozname pohladaj tieto sluzby :
DomainService
Microsoft cache control
Poklikaj, a kazdu sluzbu zastav, alebo vypni.

Stiahni si avenger:
http://www.viry.cz/forum/viewtopic.php?t=19832
Podla navodu sa dopracuj k tomu okne.Do neho napis toto:

Files to delete:
C:\windows\mgrs.exe
C:\windows\avp.exe
C:\WINDOWS\system32\epksybfs.dll

Done >> semafor >> ok
Po restarte pocitaca daj sem log z avengera, ktory naskoci po vstupu do win. Je aj v c:\avenger.txt a urob aj novy log z hjt.

[milosh]

Dik moc, hnedle zitra se na to vrhnu

[milosh]

Tak se mi povedlo konecne diky Spybot S&D smazat par spionu a konecne pak i nahrat avasta, takze jsem to mirne vycistil ale stejne se mi zda ze tam porad naky balast je

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\onnrgmbw

*******************

Script file located at: \??\C:\Documents and Settings\ateynbxs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\windows\mgrs.exe not found!
Deletion of file C:\windows\mgrs.exe failed!

Could not process line:
C:\windows\mgrs.exe
Status: 0xc0000034



File C:\windows\avp.exe not found!
Deletion of file C:\windows\avp.exe failed!

Could not process line:
C:\windows\avp.exe
Status: 0xc0000034



File C:\WINDOWS\system32\epksybfs.dll not found!
Deletion of file C:\WINDOWS\system32\epksybfs.dll failed!

Could not process line:
C:\WINDOWS\system32\epksybfs.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


-----------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:23, on 11.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\windows\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2008-01-28&v=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Lexmark Panel nástroju - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran2002i\e11.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran2002i\e11.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EB272E9-9003-4F48-A2B5-4A58F2B2375B}: NameServer = 192.168.3.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8830 bytes

[BUBINO]

Tuto sluzbu zastav :
Microsoft cache control

Start >> spusti (services.msc)

Poznas url v tejto hodnote? Hm, ak nie, tak fix.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2008-01-28&v=9


Nevidim firewall.

Preskenuj pocitac s combofixom:

stahnete a ulozte na plochu [http://download.bleepingcomputer.com/sUBs/ComboFix.exe]ComboFix[/url]

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, stisknete klavesu 1 pro pokracovani

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), postupujte dle pokynu na obrazovce, behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate Spyware Terminator, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze se pri skenu Combofix pokousi infikovane soubory smazat a Spyware Terminator tomu muze branit


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[milosh]

firewall mi ani nesel spustit , zkusim ho ted.

ComboFix 08-02-12.1 - David 2008-02-11 20:59:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.303 [GMT 1:00]
Running from: C:\Temp\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\ddaya.dll
C:\WINDOWS\Downloaded Program Files\sysnetsvc32.inf
C:\windows\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\windows\system32\backgrd.jpg
C:\windows\system32\ddaya.dll
C:\windows\system32\isymbqdz.dllbox
C:\windows\system32\mcrh.tmp
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\windows\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\windows\system32\xkiebaqsv.dat
C:\windows\system32\xkiebaqsv_nav.dat
C:\windows\system32\xkiebaqsv_navps.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 20:56 . 2008-02-11 20:11 14,113,576 --a------ C:\Temp\avgas-setup-7.5.1.43-3339.exe
2008-02-11 20:56 . 2008-02-11 20:51 1,597,142 --a------ C:\Temp\ComboFix.exe
2008-02-11 20:56 . 2008-02-11 19:47 130,048 --a------ C:\Temp\avenger.exe
2008-02-10 23:18 . 2008-02-10 23:15 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 23:18 . 2008-02-10 23:18 3,448 --a------ C:\WINDOWS\unins000.dat
2008-02-10 19:53 . 2008-02-10 19:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 19:46 . 2008-02-10 19:46 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-10 19:36 . 2008-02-10 19:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-10 19:34 . 2008-02-10 19:35 <DIR> d----c--- C:\Install
2008-02-10 09:46 . 2008-02-12 21:02 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-10 09:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 09:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 09:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 09:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 09:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 09:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 09:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 09:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-09 22:42 . 2008-02-10 23:19 <DIR> d-a------ C:\Program Files\Spybot - Search & Destroy
2008-02-09 22:42 . 2008-02-09 22:47 <DIR> d-a------ C:\Program Files\Ad-Aware 2007
2008-02-09 22:41 . 2008-02-09 22:41 <DIR> d-------- C:\Temp\Spybot - Search & Destroy
2008-02-09 22:09 . 2008-02-09 22:02 8,920,032 --a------ C:\Temp\SpywareTerminator.exe
2008-02-09 22:07 . 2008-02-09 22:08 <DIR> d----c--- C:\SDFix
2008-02-09 21:53 . 2008-02-09 21:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 21:38 . 2008-02-03 14:19 18,721,336 --a------ C:\Temp\setupcze.exe
2008-02-09 21:38 . 2008-01-24 21:23 5,037,072 --a------ C:\Temp\spybotsd14.exe
2008-02-09 20:49 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-02-08 23:03 . 2007-07-09 10:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-08 21:44 . 2008-02-08 21:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-08 21:43 . 2008-02-08 21:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 21:43 . 2008-02-08 21:43 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 16:34 . 2008-02-10 19:32 466 --ahs---- C:\WINDOWS\system32\sfbyskpe.ini
2008-01-29 16:13 . 2008-01-29 16:13 65,088 --a------ C:\WINDOWS\system32\qfwneyvj.dll
2008-01-28 21:15 . 2004-08-17 23:49 294,400 --a------ C:\WINDOWS\system32\nusrmgr.cpl.zottel
2008-01-28 21:14 . 2004-08-17 23:49 178,688 --a------ C:\WINDOWS\system32\ivfsrc.ax.zottel
2008-01-28 21:07 . 2008-01-29 15:55 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-01-28 20:33 . 2008-02-12 21:01 <DIR> dr------- C:\Documents and Settings\David\Dokumenty
2008-01-28 20:33 . 2008-02-09 22:41 <DIR> d-------- C:\Documents and Settings\David\Data aplikacˇ
2008-01-28 20:32 . 2002-12-17 18:25 <DIR> d--h----- C:\Documents and Settings\David\ćablony
2008-01-28 20:32 . 2008-02-12 21:17 <DIR> d-------- C:\Documents and Settings\David\Plocha
2008-01-28 20:32 . 2002-12-17 19:19 <DIR> d--h----- C:\Documents and Settings\David\Okolnˇ tisk rny
2008-01-28 20:32 . 2002-12-17 19:19 <DIR> d--h----- C:\Documents and Settings\David\Okolnˇ sˇś
2008-01-28 20:32 . 2008-01-28 20:34 <DIR> dr------- C:\Documents and Settings\David\Oblˇben‚ polo§ky
2008-01-28 20:32 . 2002-12-17 19:19 <DIR> dr------- C:\Documents and Settings\David\Nabˇdka Start
2008-01-28 17:49 . 2008-01-28 18:12 58,368 --a--c--- C:\evvr.exe
2008-01-28 17:49 . 2008-01-28 17:49 54,764 --a------ C:\WINDOWS\system32\drivers\retx2.sys
2008-01-26 18:45 . 2007-03-14 10:52 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-22 21:13 . 2008-01-22 21:13 <DIR> d-------- C:\Program Files\sounds
2008-01-16 13:14 . 2008-01-16 13:17 <DIR> d-------- C:\Program Files\ICQ6
2008-01-15 22:23 . 2008-01-23 17:54 <DIR> d-------- C:\Program Files\SMS posˇlaź Treca
2008-01-15 22:09 . 2008-01-15 22:09 <DIR> d-------- C:\Program Files\Mojelogo
2008-01-15 22:09 . 2008-02-11 17:57 551 --a------ C:\WINDOWS\Wininit.ini
2008-01-13 13:27 . 2008-01-17 17:45 <DIR> d-------- C:\Program Files\SMS Zdarma
2008-01-12 01:29 . 2008-01-12 01:29 <DIR> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 21:35 --------- d-----w C:\Program Files\ICQToolbar
2008-01-24 14:39 --------- d-----w C:\Program Files\KRON20
2008-01-24 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 17:15 --------- d-----w C:\Program Files\Thai Language
2008-01-23 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 16:54 --------- d-----w C:\Program Files\SMS posílač Treca
2008-01-23 16:36 715,248 ----a-w C:\windows\system32\drivers\sptd.sys
2008-01-22 19:05 --------- d-----w C:\Program Files\Mafia
2008-01-13 12:49 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 07:06 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-12 01:32 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-08 17:25 --------- d-----w C:\Program Files\Google
2008-01-08 17:19 --------- d-----w C:\Program Files\NASA
2008-01-02 14:26 --------- d-----w C:\Program Files\City Life Deluxe
2008-01-01 23:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-01 23:54 --------- d-----w C:\Program Files\Nero
2008-01-01 23:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-01 23:37 --------- d-----w C:\Program Files\ahead
2008-01-01 23:14 --------- d-----w C:\Program Files\Electronic Arts
2007-12-29 22:58 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2007-12-29 14:12 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-29 02:51 --------- d-----w C:\Program Files\EA SPORTS
2007-12-22 17:47 --------- d-----w C:\Program Files\MSBuild
2007-12-22 17:47 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 17:43 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-22 17:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-21 15:42 --------- d-----w C:\Program Files\KONAMI
2007-12-17 17:05 --------- d-----w C:\Program Files\Lexmark 3400 Series
2007-12-17 17:04 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-16 12:58 --------- d-----w C:\Program Files\Creative
2007-12-13 18:09 972,072 ----a-w C:\windows\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\windows\UNRecode.exe
2007-11-12 15:17 1,320 -c--a-w C:\WINDOWS\Fonts\ALE.FOT
2006-08-30 21:53 16 ----a-w C:\Documents and Settings\Petr\pTYB33.dll
2004-07-22 16:41 16 ----a-w C:\Documents and Settings\Petr\pTYB23.dll
2004-04-07 08:08 485,765 ----a-w C:\Program Files\world-final.xcf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-01-29 16:13 65088 --a------ C:\WINDOWS\system32\qfwneyvj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34AE5195-4C43-42D5-B7FD-0FD08228A237}]
C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56F62756-52F5-43C0-B7D6-B04183ABD518}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e47eae6-862c-47a6-9f34-cd90852d3e47}]
C:\WINDOWS\system32\cvicvtok.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7848FBA5-A934-42B3-A76C-A43127343C64}]
C:\windows\system32\awvts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 20:22 68856]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-10 19:42 2834432]
"WMedia32"="wmedia32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 23:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isymbqdz]
isymbqdz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvvwx]
vtuvvwx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]
winrkq32.dll

R0 sonyhcb;Sony Digital Imaging Base;C:\windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-02-10 19:46]
R2 nvcap;nVidia WDM Video Capture (universal);C:\windows\system32\DRIVERS\nvcap.sys [2002-06-07 03:12]
R2 nvTUNEP;nVidia WDM TVTuner;C:\windows\system32\DRIVERS\nvtunep.sys [2002-06-07 03:12]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\windows\system32\DRIVERS\nvtvsnd.sys [2002-06-07 03:12]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\windows\system32\DRIVERS\NVxbar.sys [2002-06-07 03:12]
R3 itchfltr;iTouch Keyboard Filter;C:\windows\system32\DRIVERS\itchfltr.sys [2004-03-10 12:42]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-04 07:04]
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23]
S3 MaRdPnp;MaRdPnp;C:\windows\system32\DRIVERS\MaRdP2K.sys [2004-09-13 10:11]
S3 MSControlService;Microsoft cache control;C:\windows\system32\windows []
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 SER120;OTI Serial port driver;C:\windows\system32\DRIVERS\SER120.sys [2004-12-08 17:24]
S3 sonyhcs;Sony Digital Imaging Video;C:\windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 09:23]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 21:17:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-02-12 21:21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 20:21:46
.
2008-02-10 22:15:18 --- E O F ---

[BUBINO]

Nieco zmazalo, nieco ostalo.

Do poznamkoveho bloku skopiruj toto cele dole :

KillAll::

Rootkit::
C:\WINDOWS\system32\drivers\retx2.sys

File::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\sfbyskpe.ini
C:\WINDOWS\system32\qfwneyvj.dll
C:\WINDOWS\system32\nusrmgr.cpl.zottel
C:\WINDOWS\system32\ivfsrc.ax.zottel
C:\evvr.exe
C:\WINDOWS\system32\drivers\retx2.sys
C:\Documents and Settings\Petr\pTYB33.dll
C:\Documents and Settings\Petr\pTYB23.dll
C:\Program Files\world-final.xcf
C:\WINDOWS\system32\qfwneyvj.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\cvicvtok.dll
C:\windows\system32\awvts.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34AE5195-4C43-42D5-B7FD-0FD08228A237}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56F62756-52F5-43C0-B7D6-B04183ABD518}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e47eae6-862c-47a6-9f34-cd90852d3e47}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7848FBA5-A934-42B3-A76C-A43127343C64}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isymbqdz]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvvwx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]

Uloz na plochu dokument ako CFScript.txt , chyt mysou a presun nad combofix a nasledne pusti ako na obrazku. Zacne skenovania. Po nom naskoci log ktory je aj v c:\

[milosh]

tak hotovo

Running from: C:\Temp\ComboFix.exe
Command switches used :: C:\Temp\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Petr\pTYB23.dll
C:\Documents and Settings\Petr\pTYB33.dll
C:\evvr.exe
C:\Program Files\world-final.xcf
C:\WINDOWS\000001_.tmp
C:\windows\system32\awvts.dll
C:\WINDOWS\system32\cvicvtok.dll
C:\WINDOWS\system32\drivers\retx2.sys
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\ivfsrc.ax.zottel
C:\WINDOWS\system32\nusrmgr.cpl.zottel
C:\WINDOWS\system32\qfwneyvj.dll
C:\WINDOWS\system32\sfbyskpe.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\retx2.sys
C:\Documents and Settings\Petr\pTYB23.dll
C:\Documents and Settings\Petr\pTYB33.dll
C:\evvr.exe
C:\Program Files\world-final.xcf
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\drivers\retx2.sys
C:\WINDOWS\system32\ivfsrc.ax.zottel
C:\WINDOWS\system32\nusrmgr.cpl.zottel
C:\WINDOWS\system32\qfwneyvj.dll
C:\WINDOWS\system32\sfbyskpe.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 21:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 20:56 . 2008-02-11 20:11 14,113,576 --a------ C:\Temp\avgas-setup-7.5.1.43-3339.exe
2008-02-11 20:56 . 2008-02-11 20:51 1,597,142 --a------ C:\Temp\ComboFix.exe
2008-02-11 20:56 . 2008-02-11 19:47 130,048 --a------ C:\Temp\avenger.exe
2008-02-10 23:18 . 2008-02-10 23:15 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 23:18 . 2008-02-10 23:18 3,448 --a------ C:\WINDOWS\unins000.dat
2008-02-10 19:53 . 2008-02-10 19:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 19:46 . 2008-02-10 19:46 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-10 19:36 . 2008-02-10 19:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-10 19:34 . 2008-02-10 19:35 <DIR> d----c--- C:\Install
2008-02-10 09:46 . 2008-02-12 21:02 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-10 09:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 09:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 09:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 09:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 09:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 09:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 09:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 09:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-09 22:42 . 2008-02-10 23:19 <DIR> d-a------ C:\Program Files\Spybot - Search & Destroy
2008-02-09 22:42 . 2008-02-09 22:47 <DIR> d-a------ C:\Program Files\Ad-Aware 2007
2008-02-09 22:41 . 2008-02-09 22:41 <DIR> d-------- C:\Temp\Spybot - Search & Destroy
2008-02-09 22:09 . 2008-02-09 22:02 8,920,032 --a------ C:\Temp\SpywareTerminator.exe
2008-02-09 22:07 . 2008-02-09 22:08 <DIR> d----c--- C:\SDFix
2008-02-09 21:53 . 2008-02-09 21:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 21:38 . 2008-02-03 14:19 18,721,336 --a------ C:\Temp\setupcze.exe
2008-02-09 21:38 . 2008-01-24 21:23 5,037,072 --a------ C:\Temp\spybotsd14.exe
2008-02-08 23:03 . 2007-07-09 10:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-08 21:44 . 2008-02-08 21:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-08 21:43 . 2008-02-08 21:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 21:43 . 2008-02-08 21:43 <DIR> d-------- C:\Program Files\CCleaner
2008-01-28 21:07 . 2008-01-29 15:55 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-01-28 20:33 . 2008-02-12 21:01 <DIR> dr------- C:\Documents and Settings\David\Dokumenty
2008-01-28 20:33 . 2008-02-12 22:26 <DIR> d-------- C:\Documents and Settings\David\Data aplikacˇ
2008-01-28 20:32 . 2002-12-17 18:25 <DIR> d--h----- C:\Documents and Settings\David\ćablony
2008-01-28 20:32 . 2008-02-13 08:08 <DIR> d-------- C:\Documents and Settings\David\Plocha
2008-01-28 20:32 . 2002-12-17 19:19 <DIR> d--h----- C:\Documents and Settings\David\Okolnˇ tisk rny
2008-01-28 20:32 . 2002-12-17 19:19 <DIR> d--h----- C:\Documents and Settings\David\Okolnˇ sˇś
2008-01-28 20:32 . 2008-01-28 20:34 <DIR> dr------- C:\Documents and Settings\David\Oblˇben‚ polo§ky
2008-01-28 20:32 . 2002-12-17 19:19 <DIR> dr------- C:\Documents and Settings\David\Nabˇdka Start
2008-01-26 18:45 . 2007-03-14 10:52 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-22 21:13 . 2008-01-22 21:13 <DIR> d-------- C:\Program Files\sounds
2008-01-16 13:14 . 2008-01-16 13:17 <DIR> d-------- C:\Program Files\ICQ6
2008-01-15 22:23 . 2008-01-23 17:54 <DIR> d-------- C:\Program Files\SMS posˇlaź Treca
2008-01-15 22:09 . 2008-01-15 22:09 <DIR> d-------- C:\Program Files\Mojelogo
2008-01-15 22:09 . 2008-02-11 17:57 551 --a------ C:\WINDOWS\Wininit.ini
2008-01-13 13:27 . 2008-01-17 17:45 <DIR> d-------- C:\Program Files\SMS Zdarma

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 21:35 --------- d-----w C:\Program Files\ICQToolbar
2008-01-24 14:39 --------- d-----w C:\Program Files\KRON20
2008-01-24 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 17:15 --------- d-----w C:\Program Files\Thai Language
2008-01-23 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 16:54 --------- d-----w C:\Program Files\SMS posílač Treca
2008-01-23 16:36 715,248 ----a-w C:\windows\system32\drivers\sptd.sys
2008-01-22 19:05 --------- d-----w C:\Program Files\Mafia
2008-01-13 12:49 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 07:06 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-12 01:32 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-12 00:29 --------- d-----w C:\Program Files\Audacity
2008-01-08 17:25 --------- d-----w C:\Program Files\Google
2008-01-08 17:19 --------- d-----w C:\Program Files\NASA
2008-01-02 14:26 --------- d-----w C:\Program Files\City Life Deluxe
2008-01-01 23:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-01 23:54 --------- d-----w C:\Program Files\Nero
2008-01-01 23:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-01 23:37 --------- d-----w C:\Program Files\ahead
2008-01-01 23:14 --------- d-----w C:\Program Files\Electronic Arts
2007-12-29 22:58 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2007-12-29 14:12 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-29 02:51 --------- d-----w C:\Program Files\EA SPORTS
2007-12-22 17:47 --------- d-----w C:\Program Files\MSBuild
2007-12-22 17:47 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 17:43 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-22 17:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-21 15:42 --------- d-----w C:\Program Files\KONAMI
2007-12-17 17:05 --------- d-----w C:\Program Files\Lexmark 3400 Series
2007-12-17 17:04 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-16 12:58 --------- d-----w C:\Program Files\Creative
2007-12-13 18:09 972,072 ----a-w C:\windows\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\windows\UNRecode.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 20:22 68856]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-10 19:42 2834432]
"WMedia32"="wmedia32.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 23:49 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R0 sonyhcb;Sony Digital Imaging Base;C:\windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]
R1 retx2;retx2;C:\WINDOWS\system32\drivers\retx2.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-02-10 19:46]
R2 nvcap;nVidia WDM Video Capture (universal);C:\windows\system32\DRIVERS\nvcap.sys [2002-06-07 03:12]
R2 nvTUNEP;nVidia WDM TVTuner;C:\windows\system32\DRIVERS\nvtunep.sys [2002-06-07 03:12]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\windows\system32\DRIVERS\nvtvsnd.sys [2002-06-07 03:12]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\windows\system32\DRIVERS\NVxbar.sys [2002-06-07 03:12]
R3 itchfltr;iTouch Keyboard Filter;C:\windows\system32\DRIVERS\itchfltr.sys [2004-03-10 12:42]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-04 07:04]
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23]
S3 MaRdPnp;MaRdPnp;C:\windows\system32\DRIVERS\MaRdP2K.sys [2004-09-13 10:11]
S3 MSControlService;Microsoft cache control;C:\windows\system32\windows []
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 SER120;OTI Serial port driver;C:\windows\system32\DRIVERS\SER120.sys [2004-12-08 17:24]
S3 sonyhcs;Sony Digital Imaging Video;C:\windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 09:23]

*Newly Created Service* - RETX2
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 08:09:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-13 8:16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 07:16:08
ComboFix2.txt 2008-02-12 20:21:51
.
2008-02-10 22:15:18 --- E O F ---

[BUBINO]

Zmazal si to super .

Mas 2 antiviry. Jeden (AVG), odinstaluj.

Toto otestuj na virustotal.com:
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

Tam ho uploadni a vysledky daj sem.


Ako sa sprava pocitac?

[milosh]

Mel jsem pocit ze ten avg je jen proti spywaru a ne kompletni antivirak? PC uz nemam na netu jinak to asi nezkusim co?

pc uz jede v pohode proti tomu jak se choval kdyz jsem ho doma poprve spustil

Diky vsem za rady

[BUBINO]

AVG je konpletny antivirak s firewallom, antispamom, antirootkitom,....

Nemaz zac, rado sa stalo

[Baron Prášil]

AVG je konpletny antivirak s firewallom, antispamom, antirootkitom,....

jenom,upřesním-od AVG můžeš mít kompetní zabezpečení nebo jen AV nebo AS nebo antirootkit-tady vidím jenom antispyware od AVG.