Here is the log from Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ujimonxw
*******************
Script file located at: \??\D:\WINDOWS\ylsghmem.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
Folder D:\Program Files\Helper deleted successfully.
Completed script processing.
*******************
And here is the one from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:58, on 19.1.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\Programy\superantispyware\SUPERAntiSpyware.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=D:\WINDOWS\SYSTEM32\Userinit.exe,D:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - D:\Program Files\Helper\superfindout.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programy\superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 3863 bytes
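As an added example (not part of the original post, and not code from HijackThis), here is a small Python triage script for log lines of the shape shown above. It parses the F2 UserInit line and returns every program listed there besides the stock userinit.exe in system32 (Windows starts each comma-separated entry at logon, so an extra entry such as the rxjddnvj.exe above is a logon-time persistence point), and it collects the O2/O23 entries marked "(file missing)" or "(no name)". The sample lines are constructed from the log above; the function names are this example's own.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample: a handful of HijackThis v2.0.2 lines modelled on the
# log above (F2 UserInit line plus "(no name)" / "(file missing)" entries).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=D:\WINDOWS\SYSTEM32\Userinit.exe,D:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - D:\Program Files\Helper\superfindout.dll (file missing)
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")


def userinit_extras(line: str) -> List[str]:
    """Entries in a UserInit value other than the stock system32 userinit.exe.

    Windows runs every comma-separated program in UserInit at logon, so any
    extra entry is a logon-time persistence point worth checking.
    """
    m = USERINIT_RE.match(line.strip())
    if not m:
        return []
    extras = []
    for entry in m.group("value").split(","):
        entry = entry.strip()
        if not entry:
            continue  # the value normally ends with a trailing comma
        in_system32 = ntpath.dirname(entry).lower().endswith("\\system32")
        if ntpath.basename(entry).lower() == "userinit.exe" and in_system32:
            continue
        extras.append(entry)
    return extras


def triage(log: str) -> Dict[str, List[str]]:
    """Collect the entries a reviewer of a HijackThis log would look at first."""
    findings: Dict[str, List[str]] = {
        "userinit_extras": [],   # programs besides userinit.exe run at logon
        "file_missing": [],      # BHO/service entries whose binary is gone
        "unnamed_bho": [],       # BHOs registered without a display name
    }
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings["userinit_extras"].extend(userinit_extras(line))
        if line.endswith("(file missing)"):
            findings["file_missing"].append(line)
        if line.startswith("O2 - BHO: (no name)"):
            findings["unnamed_bho"].append(line)
    return findings


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_HJT).items():
        print(f"{category}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

A "(file missing)" entry is not malicious by itself (the NOD32 service above is simply a leftover of an uninstalled product), but it is a dangling reference that should be cleaned up; the UserInit extras are the ones to treat as live persistence until proven otherwise.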
spyware changes the desktop and cannot be removed
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes the program should create a log that opens on its own; otherwise you will find it at C:\ComboFix.txt - please paste its whole contents here
ComboFix log:
ComboFix 08-01-18.5 - Tata 2008-01-19 16:55:54.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.449 [GMT 1:00]
Running from: D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\Helper
D:\Program Files\Helper\superfindout.dll
D:\Program Files\License_Manager
D:\Program Files\smss.exe
D:\WINDOWS\764.exe
D:\WINDOWS\7search.dll
D:\WINDOWS\absolute key logger.lnk
D:\WINDOWS\aconti.exe
D:\WINDOWS\aconti.ini
D:\WINDOWS\aconti.log
D:\WINDOWS\aconti.sdb
D:\WINDOWS\acontidialer.txt
D:\WINDOWS\adbar.dll
D:\WINDOWS\cbinst$.exe
D:\WINDOWS\daxtime.dll
D:\WINDOWS\default.htm
D:\WINDOWS\dp0.dll
D:\WINDOWS\eventlowg.dll
D:\WINDOWS\fhfmm-Uninstaller.exe
D:\WINDOWS\fhfmm.exe
D:\WINDOWS\flt.dll
D:\WINDOWS\hcwprn.exe
D:\WINDOWS\hotporn.exe
D:\WINDOWS\ie_32.exe
D:\WINDOWS\iexplorr23.dll
D:\WINDOWS\jd2002.dll
D:\WINDOWS\kkcomp$.exe
D:\WINDOWS\kkcomp.dll
D:\WINDOWS\kkcomp.exe
D:\WINDOWS\kvnab$.exe
D:\WINDOWS\kvnab.dll
D:\WINDOWS\kvnab.exe
D:\WINDOWS\liqad$.exe
D:\WINDOWS\liqad.dll
D:\WINDOWS\liqad.exe
D:\WINDOWS\liqui-Uninstaller.exe
D:\WINDOWS\liqui.dll
D:\WINDOWS\liqui.exe
D:\WINDOWS\ngd.dll
D:\WINDOWS\pbar.dll
D:\WINDOWS\pbsysie.dll
D:\WINDOWS\settn.dll
D:\WINDOWS\spredirect.dll
D:\WINDOWS\system32\vtspn.dll
D:\WINDOWS\system32\xpdx.sys
D:\WINDOWS\trace
D:\WINDOWS\wbeCheck.exe
D:\WINDOWS\wbeInst$.exe
D:\WINDOWS\xadbrk.dll
D:\WINDOWS\xadbrk.exe
D:\WINDOWS\xadbrk_.exe
D:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTMLSVC
-------\NtmlSvc
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.
2008-01-19 16:53 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-18 01:09 . 2008-01-18 01:09 138,624 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-18 01:08 . 2008-01-18 01:08 <DIR> d-------- D:\Program Files\WinClamAVShield
2008-01-18 01:05 . 2008-01-18 01:06 <DIR> d-------- D:\Program Files\Crawler
2008-01-18 01:04 . 2008-01-19 12:42 <DIR> d-------- D:\Program Files\Spyware Terminator
2008-01-17 20:55 . 2007-10-27 20:40 <DIR> d--h----- D:\Documents and Settings\Administrator\Šablony
2008-01-17 20:55 . 2007-10-27 22:28 <DIR> d-------- D:\Documents and Settings\Administrator\Plocha
2008-01-17 20:55 . 2007-10-27 22:28 <DIR> d--h----- D:\Documents and Settings\Administrator\Okolní tiskárny
2008-01-17 20:55 . 2007-10-27 22:28 <DIR> d--h----- D:\Documents and Settings\Administrator\Okolní síť
2008-01-17 20:55 . 2007-10-27 22:28 <DIR> d-------- D:\Documents and Settings\Administrator\Oblíbené položky
2008-01-17 20:55 . 2007-10-27 22:28 <DIR> dr------- D:\Documents and Settings\Administrator\Nabídka Start
2008-01-17 20:55 . 2007-10-27 22:28 <DIR> d-------- D:\Documents and Settings\Administrator\Dokumenty
2008-01-17 20:55 . 2008-01-17 21:03 <DIR> dr-h----- D:\Documents and Settings\Administrator\Data aplikací
2008-01-17 20:50 . 2008-01-17 20:50 <DIR> d-------- D:\Program Files\Lavasoft
2008-01-16 21:54 . 2008-01-18 17:00 660 --a------ D:\WINDOWS\system32\drivers\fwdrv.err
2008-01-16 11:29 . 2008-01-16 11:29 36,868 --a------ D:\WINDOWS\system32\wcbepjsq.exe
2008-01-16 11:29 . 2008-01-16 11:29 10,240 --a------ D:\WINDOWS\system32\vjmqfmgy.exe
2008-01-14 01:43 . 2008-01-14 01:43 98,304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-01-14 01:41 . 2006-07-28 09:30 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll
2008-01-14 01:41 . 2006-07-28 09:30 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2008-01-13 19:12 . 2007-10-02 11:56 8,337,533 --------- D:\Documents and Settings\MASA\nvu-1.0-cs-CZ.win32.installer.exe
2008-01-13 17:41 . 2008-01-13 17:41 <DIR> d---s---- D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\UserData
2008-01-07 19:54 . 2008-01-12 12:26 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-01-07 19:54 . 2008-01-07 19:54 1,409 --a------ D:\WINDOWS\QTFont.for
2008-01-06 11:34 . 2002-08-29 02:01 134,272 --a------ D:\WINDOWS\system32\drivers\portcls.sys
2008-01-06 11:34 . 2002-08-29 02:01 134,272 --a--c--- D:\WINDOWS\system32\dllcache\portcls.sys
2008-01-06 11:34 . 2002-08-29 01:32 57,856 --a------ D:\WINDOWS\system32\drivers\drmk.sys
2008-01-06 11:34 . 2002-08-29 01:32 57,856 --a--c--- D:\WINDOWS\system32\dllcache\drmk.sys
2008-01-04 18:27 . 2006-12-08 03:04 76,800 --a------ D:\WINDOWS\system32\E_FLBCAE.DLL
2008-01-04 18:27 . 2006-04-19 03:00 62,976 --a------ D:\WINDOWS\system32\E_FD4BCAE.DLL
2008-01-04 18:27 . 2004-09-10 21:12 49,152 --a------ D:\WINDOWS\system32\E_DCINST.DLL
2008-01-04 18:27 . 2002-08-29 01:32 28,160 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-04 18:27 . 2002-08-29 01:32 28,160 --a--c--- D:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-04 18:27 . 2002-08-29 01:50 24,960 --a------ D:\WINDOWS\system32\drivers\usbprint.sys
2008-01-04 18:27 . 2002-08-29 01:50 24,960 --a--c--- D:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-04 18:24 . 2006-12-28 00:00 208,896 --a------ D:\WINDOWS\system32\esint7e.dll
2008-01-04 18:24 . 2006-12-28 00:00 66,560 --a------ D:\WINDOWS\system32\eswia7e.dll
2008-01-04 18:24 . 2006-03-10 00:00 3,584 --a------ D:\WINDOWS\system32\eswiaml.dll
2008-01-04 18:23 . 2008-01-04 18:23 26 --a------ D:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-01-03 22:03 . 2008-01-19 03:12 861 --a------ D:\WINDOWS\Sof.INI
2008-01-03 20:56 . 2008-01-03 20:56 <DIR> dr------- D:\Documents and Settings\MASA\Nokia Phone Browser
2008-01-03 20:22 . 2008-01-03 20:22 8,192 --a------ D:\WINDOWS\REGULOCS.OLD
2008-01-03 20:21 . 2008-01-03 20:21 <DIR> dr------- D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Nokia Phone Browser
2008-01-03 20:16 . 2008-01-06 11:54 <DIR> d-------- D:\Program Files\Nokia
2008-01-03 20:16 . 2008-01-06 11:54 <DIR> d-------- D:\Program Files\Common Files\Nokia
2007-12-27 13:46 . 2007-12-27 13:46 <DIR> d-------- D:\Phenomedia AG
2007-12-27 13:45 . 2007-12-27 13:45 <DIR> d-------- D:\Program Files\Phenomedia AG
2007-12-27 13:45 . 1998-11-17 13:44 328,704 --a------ D:\WINDOWS\IsUn0407.exe
2007-12-27 09:57 . 2007-12-27 09:57 <DIR> d-------- D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Phone Browser
2007-12-25 21:33 . 2007-12-25 21:33 137,344 --a------ D:\WINDOWS\system32\drivers\hwpsgt.sys
2007-12-25 21:33 . 2007-12-25 21:33 9,472 --a------ D:\WINDOWS\system32\drivers\lemsgt.sys
2007-12-25 15:34 . 2007-12-25 15:34 <DIR> d-------- D:\Program Files\Yahoo!
2007-12-24 23:01 . 2002-09-20 18:04 150,528 --a------ D:\WINDOWS\system32\ptpusd.dll
2007-12-24 23:01 . 2002-08-29 01:48 14,208 --a------ D:\WINDOWS\system32\drivers\usbscan.sys
2007-12-24 23:01 . 2002-08-29 01:48 14,208 --a--c--- D:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-24 23:01 . 2001-10-24 12:25 5,632 --a------ D:\WINDOWS\system32\ptpusb.dll
2007-12-24 22:53 . 2006-10-25 14:14 5,709,824 -ra------ D:\WINDOWS\system32\NkNEFPlugin.dll
2007-12-24 22:53 . 2003-03-19 13:28 2,179,072 --a------ D:\WINDOWS\system32\mfc71d.dll
2007-12-24 22:53 . 2002-01-06 06:48 974,848 --a------ D:\WINDOWS\system32\mfc70.dll
2007-12-24 22:53 . 2003-03-19 12:04 765,952 --a------ D:\WINDOWS\system32\msvcp71d.dll
2007-12-24 22:53 . 2003-03-19 12:03 544,768 --a------ D:\WINDOWS\system32\msvcr71d.dll
2007-12-24 22:53 . 2003-03-19 13:14 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-12-24 22:53 . 2002-01-05 20:40 487,424 --a------ D:\WINDOWS\system32\msvcp70.dll
2007-12-24 22:53 . 2003-02-21 21:42 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-12-24 22:53 . 2002-01-06 05:37 344,064 --a------ D:\WINDOWS\system32\msvcr70.dll
2007-12-24 22:52 . 2007-12-24 22:52 <DIR> d-------- D:\Program Files\Common Files\muvee Technologies
2007-12-24 22:52 . 2005-12-05 13:21 495,616 -ra------ D:\WINDOWS\system32\DRAGNKL1.dll
2007-12-24 22:52 . 2006-08-10 15:35 180,224 -ra------ D:\WINDOWS\system32\Strato4.dll
2007-12-24 22:52 . 2005-12-05 16:13 180,224 -ra------ D:\WINDOWS\system32\picn1120.dll
2007-12-24 22:52 . 2005-12-05 16:13 155,648 -ra------ D:\WINDOWS\system32\picn1020.dll
2007-12-24 22:52 . 2005-12-05 17:24 110,592 -ra------ D:\WINDOWS\system32\RCSigProc.dll
2007-12-24 22:52 . 2005-12-05 17:24 76,800 -ra------ D:\WINDOWS\system32\RedEye.dll
2007-12-24 22:52 . 2005-12-05 16:13 48,128 -ra------ D:\WINDOWS\system32\picn20.dll
2007-12-24 22:46 . 1995-08-01 04:44 212,480 --------- D:\WINDOWS\PCDLIB32.DLL
2007-12-24 22:45 . 2007-12-24 22:53 <DIR> d-------- D:\Program Files\Common Files\Nikon
2007-12-23 18:27 . 2005-05-26 15:34 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll
2007-12-23 18:10 . 2007-12-23 18:10 1 --a------ D:\WINDOWS\system32\SI.bin
2007-12-23 11:57 . 2007-12-23 11:57 <DIR> d-------- D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Bluetooth Software
2007-12-23 11:53 . 2007-12-23 11:53 <DIR> d-------- D:\Program Files\WIDCOMM
2007-12-23 11:20 . 2008-01-19 15:32 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
2007-12-21 03:42 . 2007-09-24 23:31 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2007-12-19 13:16 . 2007-12-19 13:16 34 --a------ D:\WINDOWS\cdplayer.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 11:44 300,048 ----a-w D:\WINDOWS\system32\drivers\amon.sys
2008-01-17 23:23 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-01-17 19:49 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 14:58 --------- d-----w D:\Program Files\Common Files\Ahead
2008-01-04 17:32 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-01-04 17:30 --------- d-----w D:\Program Files\EPSON
2007-12-21 02:42 --------- d-----w D:\Program Files\Java
2007-12-19 19:59 --------- d-----w D:\Program Files\Zdazylyr
2007-12-19 19:59 --------- d-----w D:\Program Files\mnixcned
2007-12-17 17:45 2,542 ----a-w D:\Program Files\1010.exe
2007-12-16 19:29 --------- d-----w D:\Program Files\Common Files\soft602
2007-12-13 20:50 --------- d-----w D:\Program Files\WinFast
2007-12-13 18:12 --------- d-----w D:\Program Files\RosaSOFT
2007-12-13 17:09 --------- d-----w D:\Program Files\PC Connectivity Solution
2007-12-13 17:09 --------- d-----w D:\Program Files\DIFX
2007-12-06 19:55 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-24 19:51 --------- d-----w D:\Program Files\yzuvizyb
2007-11-24 19:49 --------- d-----w D:\Program Files\Khnidmgk
2007-11-21 01:58 52,224 ----a-w D:\WINDOWS\ipuninst.exe
2007-11-14 08:55 68,096 ----a-w D:\WINDOWS\ScUnin.exe
2007-11-11 15:19 43,520 ----a-w D:\WINDOWS\system32\CmdLineExt03.dll
2007-11-11 15:13 21,840 ----atw D:\WINDOWS\system32\SIntfNT.dll
2007-11-11 15:13 17,212 ----atw D:\WINDOWS\system32\SIntf32.dll
2007-11-11 15:13 12,067 ----atw D:\WINDOWS\system32\SIntf16.dll
2007-10-28 00:05 126,976 ----a-w D:\WINDOWS\War3Unin.exe
2007-10-27 23:24 737,280 ----a-w D:\WINDOWS\iun6002.exe
2007-10-27 19:45 558,142 ----a-w D:\WINDOWS\java\Packages\QLBLFJ7R.ZIP
2007-10-27 19:45 155,995 ----a-w D:\WINDOWS\java\Packages\YX3HB9J3.ZIP
2007-08-28 18:20 10,580 ----a-w D:\Documents and Settings\Marek\FMCodec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="E:\Programy\superantispyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2006-12-11 20:41 25343016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-18 01:07 2776576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Programy\superantispyware\SASSEH.DLL [2006-12-20 13:55 77824]
R1 fwdrv;Firewall Driver;D:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;D:\WINDOWS\System32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;D:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-01-18 01:09]
R3 PSched;Plánovač paketů technologie QoS;D:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 00:35]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 14:35:12 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 17:25:19
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> D:\WINDOWS\system32\imon.dll
-> D:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-19 17:29:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 16:28:46
.
2007-11-04 10:57:04 --- E O F ---
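An added example, not part of the original post and not code from ComboFix: a Python parser for the "Files Created" section format shown above (creation stamp, modification stamp, size or <DIR>, attribute flags, path) together with a three-indicator heuristic for picking out dropped executables. The indicators are written into a Windows system directory, identical creation and modification stamps (a file copied by an installer keeps its original modification date, as portcls.sys above does, while a freshly generated file has both stamps equal), and a name made only of lowercase letters. The two system32 executables from 2008-01-16 in the log (wcbepjsq.exe, vjmqfmgy.exe) hit all three. The sample lines are constructed from the log above, the scoring threshold is this example's own choice, and the result is a list of candidates for review rather than a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "Files Created" format of the ComboFix log above:
# creation stamp, modification stamp, size or <DIR>, attribute flags, path.
SAMPLE_COMBOFIX = r"""
2008-01-19 16:53 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-18 01:09 . 2008-01-18 01:09 138,624 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-18 01:05 . 2008-01-18 01:06 <DIR> d-------- D:\Program Files\Crawler
2008-01-16 11:29 . 2008-01-16 11:29 36,868 --a------ D:\WINDOWS\system32\wcbepjsq.exe
2008-01-16 11:29 . 2008-01-16 11:29 10,240 --a------ D:\WINDOWS\system32\vjmqfmgy.exe
2008-01-14 01:43 . 2008-01-14 01:43 98,304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-01-06 11:34 . 2002-08-29 02:01 134,272 --a------ D:\WINDOWS\system32\drivers\portcls.sys
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{9}) (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".cpl"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse(log: str) -> List[Entry]:
    """Parse every line matching the ComboFix file-list format; skip the rest."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def indicators(e: Entry) -> List[str]:
    """Heuristic reasons an executable deserves a closer look (none for directories)."""
    stem, ext = ntpath.splitext(ntpath.basename(e.path))
    if e.is_dir() or ext.lower() not in EXEC_EXT:
        return []
    reasons = []
    folder = ntpath.dirname(e.path).lower()
    if folder.endswith("\\windows") or folder.endswith("\\windows\\system32"):
        reasons.append("written directly into a Windows system directory")
    if e.created == e.modified:
        # Files copied from an installer keep the original modification
        # stamp (see portcls.sys); a freshly generated file has both equal.
        reasons.append("creation and modification stamps identical")
    if re.fullmatch(r"[a-z]{6,}", stem):
        reasons.append("name is only lowercase letters (looks machine-generated)")
    return reasons


def suspicious(log: str, min_score: int = 3) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries hitting at least min_score indicators."""
    hits = []
    for e in parse(log):
        reasons = indicators(e)
        if len(reasons) >= min_score:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE_COMBOFIX):
        print(path)
        for r in reasons:
            print("   -", r)
```

Lowering min_score to 2 widens the net (CmdLineExt.dll would then appear because of its matching stamps), which is the usual trade-off when triaging a creation timeline: the heuristic orders what to look at, and the verdict still comes from checking the file itself.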
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
download and use Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
and this script
Code:
Files to delete:
D:\WINDOWS\system32\wcbepjsq.exe
D:\WINDOWS\system32\vjmqfmgy.exe
allow the restart; after it, post the Avenger log and a new HijackThis log
avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\awrrltmu
*******************
Script file located at: \??\D:\Documents and Settings\kmwwltpd.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
File D:\WINDOWS\system32\wcbepjsq.exe deleted successfully.
File D:\WINDOWS\system32\vjmqfmgy.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:35, on 19.1.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\Programy\superantispyware\SUPERAntiSpyware.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Plocha\HiJackThis.exe
D:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programy\superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 3564 bytes
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline