HJT and ComboFix log - can't find the virus

Viruses and antivirus software, PC security - firewall, spyware, etc.
kingpin99
Newcomer
Registered: 27 Nov 2007


Post by kingpin99 »

Hello, could someone take a look at my HJT and ComboFix logs?
I had the Zlob.BUU trojan but I managed to remove it (at least I think so); however, something probably got into the PC again, because it keeps reporting some virus. I'd be glad if someone could check it and help me remove it :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:33, on 15. 5. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\User1\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

--
End of file - 5126 bytes

-----COMBOFIX-----

ComboFix 08-05-12.1 - User1 2008-05-15 20:56:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.78 [GMT 2:00]
Running from: C:\Documents and Settings\User1\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\kmd.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-09 20:33 . 2008-05-09 20:33 <DIR> d-------- C:\Program Files\Skype
2008-05-09 20:33 . 2008-05-09 20:33 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-09 20:33 . 2008-05-15 20:58 <DIR> d-------- C:\Documents and Settings\User1\Data aplikací\Skype
2008-05-09 20:25 . 2008-05-09 20:25 56 --ah----- C:\WINNT\system32\ezsidmv.dat
2008-05-09 18:43 . 2008-05-09 18:43 <DIR> d-------- C:\Program Files\DNA
2008-05-09 18:43 . 2008-05-09 18:43 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-09 18:43 . 2008-05-15 20:55 <DIR> d-------- C:\Documents and Settings\User1\Data aplikací\DNA
2008-05-09 18:43 . 2008-05-13 23:48 <DIR> d-------- C:\Documents and Settings\User1\Data aplikací\BitTorrent
2008-05-09 18:24 . 2008-05-09 18:24 169 --a------ C:\WINNT\RtlRack.ini
2008-05-09 18:21 . 2008-05-09 18:21 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-05-09 18:21 . 2008-05-09 18:21 <DIR> d-------- C:\Program Files\AvRack
2008-05-09 18:21 . 2001-07-06 00:19 164 --a------ C:\WINNT\avrack.ini
2008-05-09 18:17 . 2008-05-09 18:17 <DIR> d-------- C:\Program Files\Realtek AC97
2008-04-16 21:46 . 2004-03-09 16:45 224,016 --a------ C:\WINNT\system32\TABCTL32.OCX
2008-04-16 21:46 . 1998-06-26 21:22 205,848 --a------ C:\WINNT\system32\threed32.ocx
2008-04-16 21:46 . 1999-08-11 14:21 129,024 --a------ C:\WINNT\system32\VDGT.ocx
2008-04-16 21:46 . 1998-06-23 20:57 67,376 --a------ C:\WINNT\system32\SYSINFO.OCX
2008-04-16 21:46 . 1998-06-26 21:22 57,880 --a------ C:\WINNT\system32\spin32.ocx
2008-04-16 21:41 . 2008-04-16 21:41 <DIR> d-------- C:\Program Files\Terasoft
2008-04-16 20:34 . 2008-04-16 20:34 <DIR> d-------- C:\Program Files\Lingea

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:29 --------- d-----w C:\Documents and Settings\User1\Data aplikací\skypePM
2008-05-12 17:12 --------- d-----w C:\Documents and Settings\User1\Data aplikací\MSN6
2008-05-10 17:13 --------- d-----w C:\Program Files\Google
2008-05-09 18:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-05-09 18:11 --------- d-----w C:\Program Files\C-Media 3D Audio
2008-05-09 16:13 --------- d-----w C:\Program Files\ICQ
2008-04-20 21:22 --------- d-----w C:\Documents and Settings\User1\Data aplikací\Ahead
2008-04-11 17:36 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-21 18:41 439 ----a-w C:\Program Files\INSTALL.LOG
2008-03-21 18:41 --------- d-----w C:\Documents and Settings\User1\Data aplikací\ICQ
2008-03-20 08:09 1,845,248 ----a-w C:\WINNT\system32\win32k.sys
2008-03-05 19:15 219,648 ----a-w C:\WINNT\wmpdxm.dll
2008-03-01 18:03 34,308 ----a-w C:\WINNT\system32\Chip.dll
2008-03-01 18:02 737,280 ----a-w C:\WINNT\iun6002.exe
2008-03-01 13:02 826,368 ----a-w C:\WINNT\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINNT\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINNT\system32\dnsrslvr.dll
2007-12-21 09:27 271 --sh--w C:\Program Files\desktop.ini
2007-12-21 09:27 22,034 ---ha-w C:\Program Files\folder.htt
2001-11-23 11:08 712,704 ----a-w C:\WINNT\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 18:43 289088]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-17 16:49 143872 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Cmaudio"="cmicnfg.cpl" []
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2000-03-20 02:00 20752 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-17 16:49 215552]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-17 16:42 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:58:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 20:59:49
ComboFix-quarantined-files.txt 2008-05-15 18:59:47

Directories: 6, Free bytes: 7,144,423,424
Directories: 8, Free bytes: 7,424,106,496

113 --- E O F --- 2008-05-14 19:57:08

//Couldn't it be these files from the ComboFix log?
2008-03-01 13:02 826,368 ----a-w C:\WINNT\system32\wininet.dll
2007-12-21 09:27 271 --sh--w C:\Program Files\desktop.ini
2007-12-21 09:27 22,034 ---ha-w C:\Program Files\folder.htt
ASUS P5VD2-MX SE (BIOS v.0701), Celeron D 2.8GHz, 2x512MB DDR2 667MHz Aeneon, Inno 3D GeForce 7300GT 256MB/128bit, WD1200 120GB, 350W PSU
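A reviewer working through a thread like this pulls the same handful of things out of the two logs before looking at anything else. The script below is an added example (it is not part of the original post and not a feature of HijackThis or ComboFix) that does this mechanically over the log text: it flags O4 autostart entries that run a bare file name or an unquoted path containing spaces, R0/R1 browser start/search pages whose host is not on a small allow-list (TRUSTED_HOSTS is an assumption), and, from the ComboFix registry dump, the Windows Firewall state, globally open ports and the files listed under "Other Deletions". The regular expressions are written for the HijackThis 2.0.2 and ComboFix output formats shown above; the sample input is copied from those logs, except CONSTRUCTED_REDIRECT, which is a made-up line added only to show the redirect rule firing.

```python
"""Added triage helper for HijackThis / ComboFix text logs: it lists the
entries a reviewer checks first, it does not decide what is malware."""
import re

# Assumption: reviewer-maintained allow-list of IE start/search hosts
# (go.microsoft.com is the XP/IE7 default seen in the log above).
TRUSTED_HOSTS = {"go.microsoft.com"}

HJT_ENTRY = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
O4_CMD = re.compile(r"^HK[^:]*\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
EXE_PATH = re.compile(r"^(?P<path>.*?\.(?:exe|dll|cpl|scr|com|bat))(?:\s|,|$)", re.I)
URL_HOST = re.compile(r"https?://([^/\s]+)")
FW_ENABLE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
OPEN_PORT = re.compile(r'^"(\d+:(?:TCP|UDP))"=')


def parse_hjt(text):
    """(section, body) for every 'R0/O4/O23 - ...' line in a HijackThis log."""
    found = (HJT_ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m["sec"], m["body"]) for m in found if m]


def executable_of(cmd):
    """(program, was_quoted) for an O4 command. A bare name such as
    nwiz.exe is returned as-is; an unquoted path is extended to its first
    .exe/.dll/.cpl token so 'C:\\Program Files\\x\\y.exe /f' is not cut
    at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)], True
    first = cmd.split(" ", 1)[0]
    if "\\" not in first:
        return first, False
    m = EXE_PATH.match(cmd)
    return (m["path"] if m else first), False


def triage_hjt(text):
    """[(finding, detail)] for the R0/R1 and O4 lines of a HijackThis log."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec in ("R0", "R1"):
            for host in URL_HOST.findall(body):
                if host.lower() not in TRUSTED_HOSTS:
                    findings.append(("browser-redirect", host))
        elif sec == "O4" and (m := O4_CMD.match(body)):
            exe, quoted = executable_of(m["cmd"])
            if "\\" not in exe:   # resolved via the search path: verify which file runs
                findings.append(("o4-bare-name", exe))
            elif " " in exe and not quoted:
                findings.append(("o4-unquoted-path", exe))
    return findings


def triage_combofix(text):
    """Firewall state, globally open ports and 'Other Deletions' from ComboFix."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("(((") and ")))" in line:     # banner section header
            section = line.strip("() ")
            continue
        if line.startswith("[") and line.endswith("]"):  # registry key header
            section = line.strip("[]").lower()
            continue
        if section == "Other Deletions" and line and line != ".":
            findings.append(("deleted-by-combofix", line))
        if (m := FW_ENABLE.match(line)) and m[1] == "0":
            findings.append(("firewall-disabled", section))
        if (m := OPEN_PORT.match(line)) and section and "globallyopenports" in section:
            findings.append(("open-port", m[1]))
    return findings


# Sample input copied from the logs in the post above; CONSTRUCTED_REDIRECT
# is a made-up line (not in the post) that exercises the redirect rule.
SAMPLE_HJT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
"""
CONSTRUCTED_REDIRECT = r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/?q="
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\system32\kmd.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

if __name__ == "__main__":
    for kind, detail in triage_hjt(SAMPLE_HJT + CONSTRUCTED_REDIRECT) + triage_combofix(SAMPLE_COMBOFIX):
        print(f"{kind:22} {detail}")
```

Run over the logs in this thread it reports the file ComboFix deleted (kmd.exe), EnableFirewall=0 in the standard profile, 3389:TCP in GloballyOpenPorts, and the bare-name and unquoted-path autostarts. None of these is a malware verdict on its own; they are the lines to verify first, and the three files the poster singles out (wininet.dll, desktop.ini, folder.htt) are not among them, because a file-listing line by itself carries nothing to act on without a hash or vendor check.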
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: HJT and ComboFix log - can't find the virus

Post by BUBINO »

Have you already solved the problem, or should I finish working through it?
kingpin99
Newcomer
Registered: 27 Nov 2007

Post by kingpin99 »

I've already reinstalled Windows, so no need, but thanks.