Infected PC

Viruses and antivirus software, PC security - firewall, spyware, etc.
DAveDOG
Intermediate
Registered: 01 Aug 2004
Location: Austerlitz

Infected PC

Post by DAveDOG »

Hi, I left my sister alone at the computer for a few hours and now there is some nasty thing on it. HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:31:55, on 14.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Hamachi\hamachi.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O2 - BHO: (no name) - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll (filesize 81920 bytes, MD5 AFF451CC1B0B0719D665758FABA748B8)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (filesize 131072 bytes, MD5 46EE79E42E5E056E91EA4EB07E7B807A)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 69B5CE8A9D8446C9CD0390276123BE3A)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (filesize 949376 bytes, MD5 66BC5F3AD50FE6225D3FD1964A749D38)
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide (filesize 756248 bytes, MD5 DCAB9AADAAE920B851491120D9EBD196)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE (filesize 577536 bytes, MD5 FB1BC9A15A3DF6CFD446E1B3BD0B5099)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (filesize 33280 bytes, MD5 69B5CE8A9D8446C9CD0390276123BE3A)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (filesize 33280 bytes, MD5 69B5CE8A9D8446C9CD0390276123BE3A)
O4 - HKLM\..\Run: [Config] C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized (filesize 224768 bytes, MD5 3B24C45693C9553ED6F5E647A9F898F8)
O4 - HKCU\..\Run: [365dni] C:\Program Files\365dní\365dniNET.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" (filesize 219952 bytes, MD5 8DF7F16F3DA69893CEF9F74DDDB767FD)
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (filesize 405583 bytes, MD5 A4CE7E9913893E1B59E303CF2A43D5D6)
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" (filesize 219952 bytes, MD5 8DF7F16F3DA69893CEF9F74DDDB767FD)
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (filesize 22880040 bytes, MD5 72F095A18223E1072F242EA25D1C6E8E)
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (filesize 133576 bytes, MD5 8AC1F2F94F005CF332BC8749399DA498)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (filesize 619048 bytes, MD5 0E6F1EBF4B106FCC5357C8BABD751184)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (filesize 40048 bytes, MD5 54C88BFBD055621E2306534F445C0C8D)
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (filesize 734872 bytes, MD5 169C293CE9460A05646D17DC6AA2FB2C)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (filesize 131151 bytes, MD5 D6FF6AA6A2C353CB9CDA91F3EC6D0400)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (filesize 131151 bytes, MD5 D6FF6AA6A2C353CB9CDA91F3EC6D0400)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (filesize 131151 bytes, MD5 D6FF6AA6A2C353CB9CDA91F3EC6D0400)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll (filesize 1495040 bytes, MD5 DEF7BF535EEEE99F226DF4D34907DF45)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll (filesize 1495040 bytes, MD5 DEF7BF535EEEE99F226DF4D34907DF45)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (filesize 873216 bytes, MD5 9E7370CC3D6A43942433F85D0E2BBDD8)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1828176 bytes, MD5 CB211D1B0EC6E334EADE510156FCBAC5)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (filesize 44344 bytes, MD5 1264F787E46DC572FA274CA09B446E01)
O21 - SSODL: sysdx - {C77558AA-9E22-424F-8F66-1E504B599115} - C:\WINDOWS\sysdx.dll (filesize 315392 bytes, MD5 EF20BB1C65450817F174C6A30772C802)
O21 - SSODL: msvb - {B032998B-09B7-436D-98FE-D5CFB35C54F2} - C:\WINDOWS\msvb.dll (filesize 254976 bytes, MD5 656E83DF7B1376C33F90B824624A823A)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UFO PORNOOOOO!

"That's not a melon!!!"
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Use SmitfraudFix, but download it from that alternative link.

Post its log here - C:\rapport.txt

And please post a log from the new HijackThis here.
Link here

Before you download the new version of HijackThis, delete the old one.

Post by DAveDOG »

So after many hours of fighting that junk I gave up :-/ and reinstalled Windows. So one of the mods can lock and delete this.