žádný anti spyware program mi nic nenašel (spyware terminator,spybot,spyware doctor,pest patrol a ani mcafee antispyware) ale přesto mi hlásí mwav spyware gain.gator a downloader trojan:( přikládám log z hijackthis.prosím pokud to půjde pošlete mi odpověď na můj problém na meil:memphisto@centrum.cz
děkuju všem
Logfile of HijackThis v1.99.1
Scan saved at 11:54:22, on 11.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\EurotelSMS\EurotelSMS2.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marián\Plocha\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -trayboot
O4 - HKCU\..\RunOnce: [SpySweeperUninstallSurvey] http://products.webroot.com/disp0201.ph ... omn=1&rsc=
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Snadné nastavení firewallu - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online2/bejeweled ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8EFEDCD-1999-49A3-9F2B-4CA653F2DE3D}: NameServer = 172.28.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
problém s pc:(
Nejsem rádce takže ti s logem moc neporadím. Nějakýho gain.gatora jsem ale měl ve stroji taky a tady: http://www.trendmicro.com/spyware-scan/ mě ho to zbavilo. Je to on-line vysavač breberek. Má tu nevýhodu že funguje jen přes Internet Explorer. A trvá to asi 10-15 minut. Když se to povede tak vyčisti stroj CCleaner-em a pro jistotu sem dej novej log pro kontrolu těm,co se v něm vyznají. 
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Zeptám se tě nepoužíváš náhodou program SpywareBlaster? Vlož sem ten log z programu Mwav! Běží ti tam zároveň rezidentně dva antiviry tak jeden by bylo dobré vypnout (zastavit jeho služby).
V logu HJT fixni:
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Můžeš aji fixnout zbytečnosti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
Tutu službu znáš?
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
jestli ne zastav ji ve Službách a nastav na Zakázáno:
Start -> Spustit... -> (napsat) services.msc>OK. V záložce služby ji najděte a ve vlastnostech nastavte typ spouštění na zakázáno.
V logu HJT fixni:
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Můžeš aji fixnout zbytečnosti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
Tutu službu znáš?
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
jestli ne zastav ji ve Službách a nastav na Zakázáno:
Start -> Spustit... -> (napsat) services.msc>OK. V záložce služby ji najděte a ve vlastnostech nastavte typ spouštění na zakázáno.
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
tady je alespoň log z virus information:
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloader-ak Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "websearch Toolbar" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\aupdate.dll" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Support\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Demo\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Scan\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Scan\TWAIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Generic Game Trainer\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ARY". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".csm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cz". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dft". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GAF". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jad". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".map". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nmx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sce". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".svc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sve". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tab". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tkl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wfo". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BearShare". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eMule". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HF_ASISTENT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "McAfee Personal Firewall Plus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "mpegable X4 live". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SpywareGuard_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{156BA4E7-F524-4C97-88CD-2E7D4B51779F}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{69638220-1041-4B1F-953D-093C8282A144}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8B43D18F-DC74-4D44-814E-9BD3420B8E44}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A3B4A467-2DA6-404B-9F66-6C6B8DC6DC82}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D1696920-9794-4BBC-8A30-7A88763DE5A2}". Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloader-ak Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "websearch Toolbar" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\aupdate.dll" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Support\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Demo\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Scan\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ABBYY\FineReader 5.0 Sprint\Scan\TWAIN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Generic Game Trainer\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ARY". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".csm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cz". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dft". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GAF". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jad". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".map". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nmx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sce". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".svc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sve". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tab". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tkl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wfo". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BearShare". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eMule". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HF_ASISTENT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "McAfee Personal Firewall Plus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "mpegable X4 live". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SpywareGuard_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{156BA4E7-F524-4C97-88CD-2E7D4B51779F}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{69638220-1041-4B1F-953D-093C8282A144}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8B43D18F-DC74-4D44-814E-9BD3420B8E44}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A3B4A467-2DA6-404B-9F66-6C6B8DC6DC82}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D1696920-9794-4BBC-8A30-7A88763DE5A2}". Action Taken: No Action Taken.
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Když se podíváš na návod jak používat Mwav tak je popsané co je potřeba vložit.
Na ty pložky refers to invalid object to sou jen chybné zánamy v registrech s tím by ti mohl pomocí program CCleaner máš tam i návod na použití (Čistič a Problémy).
Položky found in File System! sou jen zbytky po infekci v registrech.
Jinak ten log z mwav je v pořádku.
Kde ti hláší toho downloader trojana?
Na ty pložky refers to invalid object to sou jen chybné zánamy v registrech s tím by ti mohl pomocí program CCleaner máš tam i návod na použití (Čistič a Problémy).
Položky found in File System! sou jen zbytky po infekci v registrech.
Jinak ten log z mwav je v pořádku.
Kde ti hláší toho downloader trojana?
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Sun Sep 10 17:59:11 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Sep 10 18:02:12 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 10 18:02:16 2006 => Offending file found: C:\WINDOWS\gpinstall.exe
Sun Sep 10 18:02:16 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
Sun Sep 10 18:02:17 2006 => Offending file found: C:\WINDOWS\DOWNLO~1\popcaploader.dll
Sun Sep 10 18:02:17 2006 => System found infected with downloader-ak Trojan-Downloader (popcaploader.dll)! Action taken: No Action Taken.
Mon Sep 11 13:18:07 2006 => ***** Scanning complete. *****
Mon Sep 11 13:18:07 2006 => Total Objects Scanned: 23041
Mon Sep 11 13:18:07 2006 => Total Critical Objects: 4
Mon Sep 11 13:18:07 2006 => Total Disinfected Objects: 0
Mon Sep 11 13:18:07 2006 => Total Objects Renamed: 0
Mon Sep 11 13:18:07 2006 => Total Deleted Objects: 0
Mon Sep 11 13:18:07 2006 => Total Errors: 57
Mon Sep 11 13:18:07 2006 => Time Elapsed: 00:08:23
Mon Sep 11 13:18:07 2006 => Virus Database Date: 9/4/2006
Mon Sep 11 13:18:07 2006 => Virus Database Count: 220699
Mon Sep 11 13:18:07 2006 => Scan Completed.
Sun Sep 10 18:02:12 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 10 18:02:16 2006 => Offending file found: C:\WINDOWS\gpinstall.exe
Sun Sep 10 18:02:16 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
Sun Sep 10 18:02:17 2006 => Offending file found: C:\WINDOWS\DOWNLO~1\popcaploader.dll
Sun Sep 10 18:02:17 2006 => System found infected with downloader-ak Trojan-Downloader (popcaploader.dll)! Action taken: No Action Taken.
Mon Sep 11 13:18:07 2006 => ***** Scanning complete. *****
Mon Sep 11 13:18:07 2006 => Total Objects Scanned: 23041
Mon Sep 11 13:18:07 2006 => Total Critical Objects: 4
Mon Sep 11 13:18:07 2006 => Total Disinfected Objects: 0
Mon Sep 11 13:18:07 2006 => Total Objects Renamed: 0
Mon Sep 11 13:18:07 2006 => Total Deleted Objects: 0
Mon Sep 11 13:18:07 2006 => Total Errors: 57
Mon Sep 11 13:18:07 2006 => Time Elapsed: 00:08:23
Mon Sep 11 13:18:07 2006 => Virus Database Date: 9/4/2006
Mon Sep 11 13:18:07 2006 => Virus Database Count: 220699
Mon Sep 11 13:18:07 2006 => Scan Completed.
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Zkus tyto soubory otestovat na Virustotal možná si budeš muset zobrazit skryté soubory aby si je našel.
C:\WINDOWS\gpinstall.exe
C:\WINDOWS\DOWNLO~1\popcaploader.dll -> provděpodobně je to adresář C:\WINDOWS\Downloaded Program Files\
Pak sem vlož výsledek.
C:\WINDOWS\gpinstall.exe
C:\WINDOWS\DOWNLO~1\popcaploader.dll -> provděpodobně je to adresář C:\WINDOWS\Downloaded Program Files\
Pak sem vlož výsledek.
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
ten popcaploader.dll v pc není.ani vyhledávání ho nenašlo i když sem dal vyhledávat ve skrytých.
výsledek druhého:
Complete scanning result of "GPInstall.exe", received in VirusTotal at 09.11.2006, 14:45:01 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.16 09.11.2006 no virus found
Authentium 4.93.8 09.11.2006 no virus found
Avast 4.7.844.0 09.08.2006 no virus found
AVG 386 09.11.2006 no virus found
BitDefender 7.2 09.11.2006 no virus found
CAT-QuickHeal 8.00 09.11.2006 no virus found
ClamAV devel-20060426 09.11.2006 no virus found
DrWeb 4.33 09.11.2006 no virus found
eTrust-InoculateIT 23.72.121 09.10.2006 no virus found
eTrust-Vet 30.3.3071 09.11.2006 no virus found
Ewido 4.0 09.11.2006 no virus found
Fortinet 2.77.0.0 09.10.2006 no virus found
F-Prot 3.16f 09.11.2006 no virus found
F-Prot4 4.2.1.29 09.11.2006 no virus found
Ikarus 0.2.65.0 09.08.2006 no virus found
Kaspersky 4.0.2.24 09.11.2006 no virus found
McAfee 4848 09.08.2006 no virus found
Microsoft 1.1560 09.11.2006 no virus found
NOD32v2 1.1749 09.11.2006 no virus found
Norman 5.90.23 09.08.2006 no virus found
Panda 9.0.0.4 09.10.2006 no virus found
Sophos 4.09.0 09.11.2006 no virus found
Symantec 8.0 09.11.2006 no virus found
TheHacker 5.9.8.209 09.11.2006 no virus found
UNA 1.83 09.11.2006 no virus found
VBA32 3.11.1 09.11.2006 no virus found
VirusBuster 4.3.7:9 09.10.2006 no virus found
Aditional Information
File size: 796672 bytes
MD5: a75a03e2fe261297c3cbb128c32be3d8
SHA1: 196db9c736a5b07fe053cc9f4bce600080ec8cb7
výsledek druhého:
Complete scanning result of "GPInstall.exe", received in VirusTotal at 09.11.2006, 14:45:01 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.16 09.11.2006 no virus found
Authentium 4.93.8 09.11.2006 no virus found
Avast 4.7.844.0 09.08.2006 no virus found
AVG 386 09.11.2006 no virus found
BitDefender 7.2 09.11.2006 no virus found
CAT-QuickHeal 8.00 09.11.2006 no virus found
ClamAV devel-20060426 09.11.2006 no virus found
DrWeb 4.33 09.11.2006 no virus found
eTrust-InoculateIT 23.72.121 09.10.2006 no virus found
eTrust-Vet 30.3.3071 09.11.2006 no virus found
Ewido 4.0 09.11.2006 no virus found
Fortinet 2.77.0.0 09.10.2006 no virus found
F-Prot 3.16f 09.11.2006 no virus found
F-Prot4 4.2.1.29 09.11.2006 no virus found
Ikarus 0.2.65.0 09.08.2006 no virus found
Kaspersky 4.0.2.24 09.11.2006 no virus found
McAfee 4848 09.08.2006 no virus found
Microsoft 1.1560 09.11.2006 no virus found
NOD32v2 1.1749 09.11.2006 no virus found
Norman 5.90.23 09.08.2006 no virus found
Panda 9.0.0.4 09.10.2006 no virus found
Sophos 4.09.0 09.11.2006 no virus found
Symantec 8.0 09.11.2006 no virus found
TheHacker 5.9.8.209 09.11.2006 no virus found
UNA 1.83 09.11.2006 no virus found
VBA32 3.11.1 09.11.2006 no virus found
VirusBuster 4.3.7:9 09.10.2006 no virus found
Aditional Information
File size: 796672 bytes
MD5: a75a03e2fe261297c3cbb128c32be3d8
SHA1: 196db9c736a5b07fe053cc9f4bce600080ec8cb7
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Smaž soubory:
C:\WINDOWS\gpinstall.exe
mušíš mít zobrazený skryté soubory jinak adresář Downloaded Program Files neuvidíš.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
pak už by to mělo být ok.
Ještě můžeš fixnout v HJT
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online2/bejeweled ... der_v6.cab onlajn hry
C:\WINDOWS\gpinstall.exe
mušíš mít zobrazený skryté soubory jinak adresář Downloaded Program Files neuvidíš.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
pak už by to mělo být ok.
Ještě můžeš fixnout v HJT
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online2/bejeweled ... der_v6.cab onlajn hry
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 13 hostů