I can't delete the viruses


Post by Walker »

Avast doesn't find anything, but the little program Ad-Aware 2007 found two: Win32.TrojanSpy.Peed and Win32.Backdoor.agent.
It tells me that to remove them I have to restart the computer. I restart the computer, and then there is a screen similar to the one shown when scandisk runs. It says it deleted 2 files and Windows starts... but it keeps finding them again and I can't get rid of them..... :( And I must have picked them up somehow today, because when I launch Half-Life 2 it tells me the program is not responding, and I was still playing it fine today at 4 in the afternoon... so I think that is also because of those viruses. I doubt it's just a coincidence...
Post by Walker »

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:46, on 13.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7587 bytes


and the one from ComboFix:

ComboFix 07-12-12.3 - Honza 2007-12-13 9:12:56.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1599 [GMT 1:00]
Running from: E:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 22:06 . 2007-12-12 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-12-08 20:44 . 2007-12-08 20:44 <DIR> d-------- C:\Program Files\CyberLink
2007-12-08 20:44 . 2007-12-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-12-08 13:05 . 2007-12-08 13:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-12-08 13:05 . 2007-12-08 13:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-08 13:05 . 2007-12-08 13:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-08 12:59 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-08 12:33 . 2005-05-03 11:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-12-07 23:27 . 2007-12-08 12:04 315 --a------ C:\WINDOWS\WININIT.INI
2007-12-03 21:19 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-11-15 17:25 . 2007-11-15 17:27 <DIR> d-------- C:\WINDOWS\NV39643968.TMP
2007-11-15 17:20 . 2007-11-15 17:22 <DIR> d-------- C:\WINDOWS\NV24482516.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 22:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-12 22:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-12 18:59 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Azureus
2007-12-08 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 19:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-08 11:59 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-08 11:33 --------- d-----w C:\Program Files\Realtek
2007-12-08 11:13 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-07 15:47 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 21:51 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-11-30 22:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2007-11-12 20:48 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-12 20:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-12 20:48 22,328 ----a-w C:\Documents and Settings\Honza\Data aplikací\PnkBstrK.sys
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
Post by BUBINO »

Good day!

Disable all resident shields (if you have them on) and download the tool OTMoveIt http://download.bleepingcomputer.com/ol ... MoveIt.exe .
Open it on the desktop and copy this path into the program's left window:
C:\WINDOWS\system32\ntos.exe
Then continue by clicking the MOVE IT! icon.
On the right side, information about the deletion will appear. Copy it here.

Fix this in HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Install a firewall!! I need the ComboFix log, but the one you posted here is not complete. The second half is missing and without it we can't go any further. Make a new HijackThis log as well.
Post by Walker »

In OTMoveIt it gave an error, and on the right side it showed this: File/Folder C:\WINDOWS\system32\ntos.exe not found.
File/Folder not found.

Created on 12.13.2007 17:32:29
Post by BUBINO »

Could you do that ComboFix?
Post by Walker »

It seems the viruses are gone :)
Here is the log:

ComboFix 07-12-12.3 - Honza 2007-12-13 9:12:56.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1599 [GMT 1:00]
Running from: E:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 22:06 . 2007-12-12 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-12-08 20:44 . 2007-12-08 20:44 <DIR> d-------- C:\Program Files\CyberLink
2007-12-08 20:44 . 2007-12-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-12-08 13:05 . 2007-12-08 13:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-12-08 13:05 . 2007-12-08 13:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-08 13:05 . 2007-12-08 13:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-08 12:59 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-08 12:33 . 2005-05-03 11:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-12-07 23:27 . 2007-12-08 12:04 315 --a------ C:\WINDOWS\WININIT.INI
2007-12-03 21:19 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-11-15 17:25 . 2007-11-15 17:27 <DIR> d-------- C:\WINDOWS\NV39643968.TMP
2007-11-15 17:20 . 2007-11-15 17:22 <DIR> d-------- C:\WINDOWS\NV24482516.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 22:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-12 22:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-12 18:59 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Azureus
2007-12-08 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 19:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-08 11:59 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-08 11:33 --------- d-----w C:\Program Files\Realtek
2007-12-08 11:13 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-07 15:47 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 21:51 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-11-30 22:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2007-11-12 20:48 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-12 20:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-12 20:48 22,328 ----a-w C:\Documents and Settings\Honza\Data aplikací\PnkBstrK.sys
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-12 05:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-12 05:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-12 05:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-13_ 9.05.10,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-13 08:03:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-13 08:06:38 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-13 08:03:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-13 08:06:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-13 08:03:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-13 08:06:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-13 08:11:28 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_610.dat
+ 2007-12-13 08:06:44 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 09:36]
"WinampAgent"="E:\Program Files\Winamp\winampa.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 09:14:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\ntos.exe 467456 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2007-12-13 9:14:28
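
Both of Walker's logs above point at the same file: the HijackThis F2 line chains C:\WINDOWS\system32\ntos.exe after userinit.exe (Winlogon runs every comma-separated path in that value at logon), and ComboFix's catchme scan lists the same path, plus the wsnpoem directory, as hidden from the Win32 API. The script below is an added example, not code from the thread or from the HijackThis/ComboFix authors. It parses excerpts of both logs (the excerpt lines are copied from the posts; the remaining strings are constructed) and correlates the two findings; the function names and the "Unknown owner" review heuristic are this example's own assumptions.

```python
"""Log triage for the HijackThis / ComboFix output posted above.

Added example, not code from the thread or from the HijackThis/ComboFix
authors. It correlates two findings a practitioner looks for:
  * the F2 Userinit value chaining an extra executable after userinit.exe, and
  * files that ComboFix's catchme scan reports as hidden from the Win32 API.
A path that is both an autostart and hidden is the strongest signal in a log
like this. Function and variable names are this example's own.
"""
import re

# Constructed subset of the HijackThis log from the thread.
HIJACKTHIS_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# The catchme section of the ComboFix log from the thread.
COMBOFIX_EXCERPT = r"""
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 09:14:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\ntos.exe 467456 bytes executable

scan completed successfully
hidden files: 2
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def userinit_extras(hjt_log):
    """Executables chained after userinit.exe in the F2 Userinit entry."""
    for line in hjt_log.splitlines():
        m = USERINIT_RE.match(line.strip())
        if m:
            paths = [p.strip() for p in m.group("value").split(",") if p.strip()]
            return [p for p in paths if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
    return []


def unknown_owner_services(hjt_log):
    """O23 services whose vendor field is 'Unknown owner' (a review cue, not a verdict)."""
    found = []
    for line in hjt_log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group("owner") == "Unknown owner":
            found.append(m.group("path"))
    return found


def catchme_hidden_files(combofix_log):
    """Paths listed under 'scanning hidden files ...' in ComboFix's catchme block."""
    hidden, collecting = [], False
    for line in combofix_log.splitlines():
        s = line.strip()
        if s.startswith("scanning hidden files"):
            collecting = True
        elif collecting and (s.startswith("scan completed") or s.startswith("hidden files:")):
            break
        elif collecting and s:
            # entries look like "<path>" or "<path> <size> bytes executable"
            hidden.append(re.split(r"\s+\d+ bytes\b", s)[0])
    return hidden


def hidden_autostarts(hjt_log, combofix_log):
    """Autostart paths that catchme also reports as hidden: stealth plus persistence."""
    hidden = {p.lower() for p in catchme_hidden_files(combofix_log)}
    return [p for p in userinit_extras(hjt_log) if p.lower() in hidden]


def triage(hjt_log, combofix_log):
    """Collect all findings into one report dict."""
    return {
        "userinit_extras": userinit_extras(hjt_log),
        "hidden_files": catchme_hidden_files(combofix_log),
        "hidden_autostarts": hidden_autostarts(hjt_log, combofix_log),
        "review_services": unknown_owner_services(hjt_log),
    }


if __name__ == "__main__":
    for key, items in triage(HIJACKTHIS_EXCERPT, COMBOFIX_EXCERPT).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Run against the excerpts, the report lists ntos.exe both as a Userinit extra and as a hidden file, which is why BUBINO's HijackThis fix alone (deleting the F2 line) was not enough and OTMoveIt could not see the file: the executable had to be removed by a tool that bypasses the hooked file API, which is what the ComboFix CFScript step later in the thread does.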
Post by BUBINO »

I have to disagree with you, the viruses are not gone.

Test the following files on virustotal.com. Upload them and post the results here:

C:\WINDOWS\system32\LoopyMusic.wav
C:\WINDOWS\system32\BuzzingBee.wav
C:\WINDOWS\WININIT.INI
C:\WINDOWS\HideWin.exe

Copy this into Notepad:

File::
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\NV39643968.TMP
C:\WINDOWS\NV24482516.TMP


Save it on the desktop as CFScript.txt (file type: all files), grab it with the mouse and drag it onto ComboFix as in the picture below. ComboFix will run and produce a log at the end. Copy that here + make a new HijackThis log and do the VirusTotal tests.
Post by Walker »

Results
C:\WINDOWS\system32\LoopyMusic.wav 0/32
C:\WINDOWS\system32\BuzzingBee.wav 0/32
C:\WINDOWS\WININIT.INI 0/32
C:\WINDOWS\HideWin.exe 0/32

but for HideWin it told me it had already been tested sometime in June or February and had found one virus (or whatever), and when I hit rescan it found nothing...... this is what it found back in February: Win32.Vulnerable.gen!High (suspicious)

Combofix:
ComboFix 07-12-12.3 - Honza 2007-12-13 22:49:01.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1663 [GMT 1:00]
Running from: E:\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Honza\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\NV24482516.TMP
C:\WINDOWS\NV39643968.TMP
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\wsnpoem
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 22:06 . 2007-12-12 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-12-08 20:44 . 2007-12-08 20:44 <DIR> d-------- C:\Program Files\CyberLink
2007-12-08 20:44 . 2007-12-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-12-08 13:05 . 2007-12-08 13:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-12-08 13:05 . 2007-12-08 13:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-08 13:05 . 2007-12-08 13:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-08 12:59 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-08 12:33 . 2005-05-03 11:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-12-07 23:27 . 2007-12-08 12:04 315 --a------ C:\WINDOWS\WININIT.INI
2007-12-03 21:19 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-11-15 17:25 . 2007-11-15 17:27 <DIR> d-------- C:\WINDOWS\NV39643968.TMP
2007-11-15 17:20 . 2007-11-15 17:22 <DIR> d-------- C:\WINDOWS\NV24482516.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 19:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-13 19:15 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-13 16:19 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Azureus
2007-12-08 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 19:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-08 11:59 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-08 11:33 --------- d-----w C:\Program Files\Realtek
2007-12-08 11:13 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-07 15:47 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 21:51 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-11-30 22:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2007-11-12 20:48 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-12 20:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-12 20:48 22,328 ----a-w C:\Documents and Settings\Honza\Data aplikací\PnkBstrK.sys
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-12 05:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-12 05:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-12 05:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-13_ 9.05.10,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-13 08:03:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-13 16:37:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-13 08:03:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-13 16:37:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-13 08:03:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-13 16:37:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-13 16:51:41 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

*Newly Created Service* - PNKBSTRK
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 22:49:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-13 22:49:55
C:\ComboFix2.txt ... 2007-12-13 09:14


HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:01, on 13.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6691 bytes
BUBINO

Post by BUBINO »

Check whether you have these files in Windows:
C:\WINDOWS\NV39643968.TMP
C:\WINDOWS\NV24482516.TMP
If so, delete them. If that doesn't work, do it in Safe Mode.


Use CCleaner: http://www.viry.cz/forum/viewtopic.php? ... ce6fe5d48f

Install a firewall: http://www.viry.cz/forum/viewforum.php?f=3

How is the computer behaving?
Walker

Post by Walker »

Files deleted... the computer is behaving normally... I haven't noticed any strange behaviour so far... the only thing is that yesterday one application (Half Life 2) wouldn't start, and once we began working on the cleanup I was able to start it today... that's about all...
BUBINO

Post by BUBINO »

Yes, glad to hear it :)