I have the same problem as the colleague above, please advise.
HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:47, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 6165 bytes
luciper - Zlob trojan
- fredik
- member of the Security team
Welcome to the forum
Download SUPERAntiSpyware
Install and run it, then click the Check for Updates... button
After the update completes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button
The scan will run; when it finishes, it lists everything it found.
Make sure all items are checked, then click the Next button
Then click the Finish button and you should get back to the main screen.
There, click the button: Preferences... and select the Statistics/Logs tab
There, click the log with today's date and click the button: View Log...
A window with the log will open; copy its contents here.
Then also post a new HijackThis log here
PS: what Pic already mentioned applies: next time it is better to start your own topic, even if it is the same problem as the one you have.
So far it doesn't look like it helped
Log from Superantispyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/26/2007 at 03:13 PM
Application Version : 3.9.1008
Core Rules Database Version : 3350
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 04:10:43
Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5186
Registry threats detected : 21
File items scanned : 48812
File threats detected : 397
Trojan.Net-AM/NoGood
HKLM\Software\Classes\CLSID\{86A44EF7-78FC-4e18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\InprocServer32
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\InprocServer32#ThreadingModel
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\ProgID
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\Programmable
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\TypeLib
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\VersionIndependentProgID
C:\PROGRAM FILES\ACTIVATIONMANAGER\ACTIVATIONMANAGER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32#ThreadingModel
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\ProgID
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\Programmable
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\TypeLib
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\VersionIndependentProgID
C:\WINDOWS\WERBETDQW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@nike.112.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@rainbowmedia.122.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.wz[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@toplist[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atwola[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adtech[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.stileproject[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hentaicounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wz[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.allstar[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hentaicounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@i-stats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.etracker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@klik.klikadvertising[1].txt
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-3079058028-503765614-3036146093-500\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2 ]
Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Administrator\Plocha\Error Cleaner.url
C:\Documents and Settings\Administrator\Plocha\Privacy Protector.url
C:\Documents and Settings\Administrator\Plocha\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Administrator\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Administrator\Oblíbené položky\Spyware&Malware Protection.url
Trojan.Downloader-Zlob/HDTIP
C:\WINDOWS\HDTIP.DLL
Trojan.MSSecure/System
D:\_ACER C\WINDOWS\SYSTEM32\MSSECURE.EXE
Trojan.NewExe
D:\_ACER C\WINDOWS\SYSTEM32\NEWEXE.EXE
Trojan.Microsoft Application Viewer
D:\_ACER C\WINDOWS\SYSTEM32\MSAPPVIEW32.EXE
Worm.SODABOT
D:\_ACER C\WINDOWS\SYSTEM32\LEXPLORE.EXE
Dialer.VacPro
D:\_ACER C\WINDOWS\DOWNLOADED PROGRAM FILES\INT_VER34.INF
Trojan.Unknown Origin
D:\_ACER C\WINDOWS\UMFKB23TCG\OAI4VZAQW0.VBS
D:\_ACER C\WINDOWS\ELITEUNSTALL.EXE
D:\_ACER C\WINDOWS\UNINSTALL_NMON.VBS
Trojan.SmartLoad
D:\_ACER C\WINDOWS\DRSMARTLOAD2.DAT
Trace.Known Threat Sources
From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:42, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6334 bytes
Log from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/26/2007 at 03:13 PM
Application Version : 3.9.1008
Core Rules Database Version : 3350
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 04:10:43
Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5186
Registry threats detected : 21
File items scanned : 48812
File threats detected : 397
Trojan.Net-AM/NoGood
HKLM\Software\Classes\CLSID\{86A44EF7-78FC-4e18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\InprocServer32
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\InprocServer32#ThreadingModel
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\ProgID
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\Programmable
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\TypeLib
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\VersionIndependentProgID
C:\PROGRAM FILES\ACTIVATIONMANAGER\ACTIVATIONMANAGER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32#ThreadingModel
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\ProgID
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\Programmable
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\TypeLib
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\VersionIndependentProgID
C:\WINDOWS\WERBETDQW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@adrenalinesk[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@myhornycartoons[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kreid.rajce.idnes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@franceguide[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@158-OS[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornoblog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.weinwelt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats.channel4[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ajax_interface[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@animalsex-planet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@nielsen.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.netrealit[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@paycounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fuckphent[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultdvdmovies[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sport.idnes[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@click4sky[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-salomon.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@metacafe.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@manazerska-akademie-jakosti.takeit.idnes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@uzivatele.rajce.idnes[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@s[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@azjmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@m1.webstats.motigo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.etracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ajax_interface[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@videoklipy.live-jasmin-sex-cams[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statsweb.bnpparibas[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@warezblog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.sexshopik[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornozpravy[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rajce.idnes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@musicmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.primeinteractive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adfarm1.adition[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xos.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter4.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@philips.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@protect.trustedantivirus[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tvserialy[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexlist[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dealclick.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1072707600[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@nextag[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.prolidi[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trustedantivirus[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexonline[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@jobdnes.idnes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@track.websitetrafficreport[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xxxpower[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@v-usa-se-narodil-trojoky-kocour-se-dvema-tvaremi-fui-[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@secure.click4sky[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@edsa.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kvazar-micro.takeit.idnes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sale.trustedantivirus[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.sexonline[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexshopik[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornokomix[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clickbank[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ochranari-chteji-koupit-a-zbourat-labskou-boudu-fto-[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@estat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@top.porn-comics[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@jizdnirady.idnes[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.iqsys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@opilec-vjel-v-centru-prahy-autem-mezi-lidi-na-chodniku-pf1-[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@vyskar-janku-zpevem-zastinil-i-karla-gotta-f2u-[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@treti-pokus-samprasovi-vysel-federer-padl-fj3-[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@shop.pcprivacytool[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@gomyhit[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.studentagency[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@security-center[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-foxmovies.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pcprivacytool[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@magnat-chrenek-klidne-si-dam-i-pivo-z-kelimku-fm0-[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adclickstats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zheltaya_hernya[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@158-OS[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mobilnihry.idnes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@forum.cz-warez[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediainfo[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.cnw[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.allstar[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@eroticke-povidky.aaa-sex[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.wz[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@clickaider[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@stat.onestat[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@partners.webmasterplan[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tradedoubler[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.adbrite[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@spylog[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@elektromedia[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@toplist[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@soundtrack.estranky[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@fan.soundtrack[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.cnw[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@nike.112.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@rainbowmedia.122.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.wz[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@toplist[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atwola[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adtech[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.stileproject[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hentaicounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wz[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.allstar[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hentaicounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@i-stats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.etracker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@klik.klikadvertising[1].txt
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-3079058028-503765614-3036146093-500\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2 ]
Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Administrator\Plocha\Error Cleaner.url
C:\Documents and Settings\Administrator\Plocha\Privacy Protector.url
C:\Documents and Settings\Administrator\Plocha\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Administrator\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Administrator\Oblíbené položky\Spyware&Malware Protection.url
Trojan.Downloader-Zlob/HDTIP
C:\WINDOWS\HDTIP.DLL
Trojan.MSSecure/System
D:\_ACER C\WINDOWS\SYSTEM32\MSSECURE.EXE
Trojan.NewExe
D:\_ACER C\WINDOWS\SYSTEM32\NEWEXE.EXE
Trojan.Microsoft Application Viewer
D:\_ACER C\WINDOWS\SYSTEM32\MSAPPVIEW32.EXE
Worm.SODABOT
D:\_ACER C\WINDOWS\SYSTEM32\LEXPLORE.EXE
Dialer.VacPro
D:\_ACER C\WINDOWS\DOWNLOADED PROGRAM FILES\INT_VER34.INF
Trojan.Unknown Origin
D:\_ACER C\WINDOWS\UMFKB23TCG\OAI4VZAQW0.VBS
D:\_ACER C\WINDOWS\ELITEUNSTALL.EXE
D:\_ACER C\WINDOWS\UNINSTALL_NMON.VBS
Trojan.SmartLoad
D:\_ACER C\WINDOWS\DRSMARTLOAD2.DAT
Trace.Known Threat Sources
From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:42, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6334 bytes
- fredik
- member of the Security team
Download SmitFraudFix (by S!Ri)
Restart the PC into safe mode:
Run SmitFraudFix - the application's blue screen appears; press any key to get to the menu.
There, choose option number 2.
Let it scan the computer.
If you are asked whether to allow registry cleaning (Do you want to clean the registry ?), press the Y key (be careful not to mix up Y and Z on the keyboard).
If you are asked about removing infected files from the computer (Replace infected file ?), press the Y key again.
Then restart the PC into normal mode, post here the log you will find in the file C:\rapport.txt, make a new HijackThis log, and post it here as well.
So now it looks better. I already tried it once, but it came back, so hopefully it will hold this time.
Log from SmitFraudFix:
SmitFraudFix v2.254
Scan done at 19:33:16,50, po 26.11.2007
Run from C:\Documents and Settings\Administrator\Dokumenty\log\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\privacy_danger\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:45, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 6196 bytes
So, once again; so far it looks really good.
SmitFraudFix v2.255
Scan done at 21:44:24,82, po 26.11.2007
Run from C:\Documents and Settings\Administrator\Plocha\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\gormet.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{05406277-C73D-499F-8C8B-385A7C9994BA}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{05406277-C73D-499F-8C8B-385A7C9994BA}]
C:\WINDOWS\monhop.exe Deleted
C:\WINDOWS\pmkret.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{2F4823C4-21E3-49E9-89C6-56A865FC3403}]
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:25, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 5943 bytes
- fredik
- Security team member
Run HijackThis again and tick the checkboxes in front of these lines:
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
After ticking them, click the Fix Checked button.
For better security it would be good to also install a firewall; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English; Czech should probably be available only from version 3, which should appear soon
Kerio - clearly laid out, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English
Download and run T-cleaner
If you have no further problems, that would be all.