Please, could you advise me?
I have this same problem.
I did what was advised earlier.
Your query has been split off and posted as a separate thread with an edited title. Nobody would have found it in its original place. Pic
Here it is
SDFix: Version 1.183
Run by jaroslav zelenak on ne 18.05.2008 at 12:03
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Error Cleaner.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Plocha\Error Cleaner.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Privacy Protector.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Plocha\Privacy Protector.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Plocha\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\rs.txt - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 13:48:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
and also
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:05, on 18.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [64d3023d] rundll32.exe "C:\WINDOWS\system32\ortmxkdv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dreamweaver Interface Improver.lnk = C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: pxgdslro - {BD3B3058-4AC9-474C-BFED-1E4813AEB25B} - C:\WINDOWS\pxgdslro.dll
O21 - SSODL: gnowmebk - {20FD79DC-38C1-459D-96DD-012C0FF9421E} - C:\WINDOWS\gnowmebk.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 4772 bytes
I will be very grateful for any advice.
Please help - YOUR PRIVACY IS IN DANGER
fredik (member of the Security team, Master Level 7, Posts: 4680, Registered: July 06)
Re: Please help - YOUR PRIVACY IS IN DANGER
Welcome to the forum
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is working, do not click into the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them on the forum. Such PMs cannot be answered.
Re: Please help - YOUR PRIVACY IS IN DANGER
ComboFix 08-05-15.3 - jaroslav zelenak 2008-05-18 15:14:46.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.88 [GMT 2:00]
Running from: C:\Documents and Settings\jaroslav zelenak\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\jaroslav zelenak\Plocha\Error Cleaner.url
C:\Documents and Settings\jaroslav zelenak\Plocha\Privacy Protector.url
C:\Documents and Settings\jaroslav zelenak\Plocha\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\fccdbBUL.dll
C:\WINDOWS\system32\LUBbdccf.ini
C:\WINDOWS\system32\LUBbdccf.ini2
C:\WINDOWS\system32\pknudjke.ini
C:\WINDOWS\system32\vdkxmtro.ini
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 15:22 . 2008-05-18 15:22 74 ---hs---- C:\WINDOWS\system32\vdkxmtro.ini
2008-05-18 10:17 . 2008-05-18 10:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 10:14 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-18 10:13 . 2008-05-18 11:56 <DIR> d-------- C:\Program Files\SystemErrorFixer
2008-05-18 09:31 . 2008-05-18 09:31 91,264 --a------ C:\WINDOWS\system32\ortmxkdv.dll
2008-05-17 22:54 . 2008-05-17 22:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 22:37 . 2008-05-18 13:49 <DIR> d-------- C:\SDFix
2008-05-17 22:20 . 2008-05-17 22:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-17 18:29 . 2008-05-17 18:29 91,264 --------- C:\WINDOWS\system32\ekjdunkp.dll
2008-05-17 18:23 . 2008-05-17 18:23 29,824 --a------ C:\WINDOWS\system32\byXRjjKC.dll
2008-05-17 18:22 . 2008-05-17 13:59 217,088 --a------ C:\WINDOWS\nldfmtapgpv.dll
2008-05-17 18:22 . 2008-05-17 13:59 212,992 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-17 18:22 . 2008-05-17 13:59 176,128 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-17 18:22 . 2008-05-17 13:59 155,648 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-17 18:22 . 2008-05-17 13:59 94,208 --a------ C:\WINDOWS\eova.exe
2008-05-17 18:22 . 2008-05-17 13:59 81,920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-16 23:18 . 2008-05-16 23:18 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:51 . 2008-05-16 19:51 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-16 18:48 . 2008-05-16 18:50 3,260 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-16 18:47 . 2003-03-27 09:48 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-16 18:35 . 2005-07-12 11:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-05-16 18:35 . 2005-07-12 11:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-05-16 18:34 . 2008-05-18 09:51 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-16 18:34 . 2008-05-16 18:35 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-16 18:34 . 2003-03-11 19:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-16 18:34 . 2003-03-11 19:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-16 18:34 . 2003-03-11 19:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-16 18:34 . 2008-05-16 18:36 22,993 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-05-16 18:34 . 2005-07-12 11:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-05-16 18:33 . 2005-07-27 18:42 1,583 -ra------ C:\WINDOWS\system32\lxcc.loc
2008-05-16 18:31 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-16 18:31 . 2005-04-28 08:07 65,536 -ra------ C:\WINDOWS\system32\lxcccfg.dll
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-16 15:14 . 2008-05-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-16 14:53 . 2008-05-16 14:53 <DIR> d---s---- C:\Documents and Settings\jaroslav zelenak\UserData
2008-05-16 13:37 . 2008-05-16 13:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 12:40 . 2008-05-16 12:40 <DIR> d-------- C:\Program Files\ESET
2008-05-16 10:49 . 2008-05-16 10:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 10:45 . 2008-05-16 10:45 <DIR> d-------- C:\Program Files\Opera
2008-05-16 10:45 . 2008-05-18 15:18 <DIR> d-------- C:\Documents and Settings\jaroslav zelenak\Plocha
2008-05-16 10:37 . 2008-05-16 10:37 <DIR> d-------- C:\icons
2008-05-16 10:21 . 2008-05-16 10:21 <DIR> d-------- C:\Program Files\Dreamweaver Interface Improver
2008-05-16 10:20 . 2003-07-30 18:28 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-16 10:20 . 2003-07-30 18:28 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:20 . 2003-07-30 18:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-16 10:07 . 2004-08-17 17:49 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-16 10:06 . 2004-08-17 17:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-16 10:05 . 2008-05-16 08:51 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2008-05-16 10:05 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 23:04 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2008-05-16 10:05 . 2008-05-16 23:20 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-05-16 10:04 . 2008-05-16 10:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:55 <DIR> d--h----- C:\Documents and Settings\Default User
2008-05-16 10:04 . 2008-05-17 22:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-05-16 10:04 . 2008-05-16 09:13 <DIR> d-------- C:\Documents and Settings
2008-05-16 10:03 . 2008-05-16 08:58 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-16 10:01 . 2008-05-16 10:01 1 --a------ C:\WINDOWS\system32\FlashPaperPrinterPort
2008-05-16 10:00 . 2008-05-18 15:20 21 --a------ C:\qpmd8376.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 17:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 08:20 --------- d-----w C:\Program Files\Macromedia
2008-05-16 08:20 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-05-16 07:56 --------- d-----w C:\Program Files\Common Files\InstallShield
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F4FBD5-CDE8-492C-9365-1912378EECFE}]
2008-05-17 18:23 29824 --a------ C:\WINDOWS\system32\byXRjjKC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]
2008-05-17 13:59 217088 --a------ C:\WINDOWS\nldfmtapgpv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-17 13:59 155648]
[HKEY_CLASSES_ROOT\clsid\{10b9e92f-421e-44b2-a093-9de0f3fab2bc}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib\{A998690B-A72F-4E3B-8AA0-BE953DCCEF4B}]
[HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"64d3023d"="C:\WINDOWS\system32\ortmxkdv.dll" [2008-05-18 09:31 91264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"= C:\WINDOWS\system32\byXRjjKC.dll [2008-05-17 18:23 29824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"= {BD3B3058-4AC9-474C-BFED-1E4813AEB25B} - C:\WINDOWS\pxgdslro.dll [2008-05-17 13:59 212992]
"gnowmebk"= {20FD79DC-38C1-459D-96DD-012C0FF9421E} - C:\WINDOWS\gnowmebk.dll [2008-05-17 13:59 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjjKC]
byXRjjKC.dll 2008-05-17 18:23 29824 C:\WINDOWS\system32\byXRjjKC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.EXE /AUTORUN
\Shell\configure\command - F:\setup.EXE
\Shell\install\command - F:\setup.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 15:20:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRjjKC.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ortmxkdv.dll
-> C:\WINDOWS\system32\xxyayAPF.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-18 15:26:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 13:25:17
Adresářů: 10, Volných bajtů: 16,495,939,584
Adresářů: 12, Volných bajtů: 16,487,481,344
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"64d3023d"="C:\WINDOWS\system32\ortmxkdv.dll" [2008-05-18 09:31 91264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"= C:\WINDOWS\system32\byXRjjKC.dll [2008-05-17 18:23 29824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"= {BD3B3058-4AC9-474C-BFED-1E4813AEB25B} - C:\WINDOWS\pxgdslro.dll [2008-05-17 13:59 212992]
"gnowmebk"= {20FD79DC-38C1-459D-96DD-012C0FF9421E} - C:\WINDOWS\gnowmebk.dll [2008-05-17 13:59 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjjKC]
byXRjjKC.dll 2008-05-17 18:23 29824 C:\WINDOWS\system32\byXRjjKC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.EXE /AUTORUN
\Shell\configure\command - F:\setup.EXE
\Shell\install\command - F:\setup.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 15:20:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRjjKC.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ortmxkdv.dll
-> C:\WINDOWS\system32\xxyayAPF.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-18 15:26:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 13:25:17
Adresářů: 10, Volných bajtů: 16,495,939,584
Adresářů: 12, Volných bajtů: 16,487,481,344
- fredik
- member of the Security team
Re: Please help - YOUR PRIVACY IS IN DANGER
Uninstall it via Add or Remove Programs if it is listed there:
SystemErrorFixer
Run HijackThis again and tick the checkbox in front of this line:
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
after ticking it, click the Fix Checked button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the entire text marked in green below into it:
Note: do not use the SELECT ALL function to select the script
KillAll::
File::
C:\WINDOWS\system32\vdkxmtro.ini
C:\WINDOWS\system32\ortmxkdv.dll
C:\WINDOWS\system32\ekjdunkp.dll
C:\WINDOWS\system32\byXRjjKC.dll
C:\WINDOWS\nldfmtapgpv.dll
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\eova.exe
C:\WINDOWS\mdtgkswr.exe
C:\qpmd8376.bin
C:\WINDOWS\system32\xxyayAPF.dll
Folder::
C:\Program Files\SystemErrorFixer
C:\Program Files\Common Files\SystemErrorFixer
C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F4FBD5-CDE8-492C-9365-1912378EECFE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]
[-HKEY_CLASSES_ROOT\clsid\{10b9e92f-421e-44b2-a093-9de0f3fab2bc}]
[-HKEY_CLASSES_ROOT\gktxaspm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{A998690B-A72F-4E3B-8AA0-BE953DCCEF4B}]
[-HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect (ver. 5.1)"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"64d3023d"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"=-
"gnowmebk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjjKC]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt you created with the mouse, drag it over the downloaded ComboFix.exe, and when the two files overlap, drop the script

- ComboFix will start automatically (the PC will then restart, so don't be alarmed)
- Post here the log that appears at the end of the cleaning process + a new HJT log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.
Re: Please help - YOUR PRIVACY IS IN DANGER
ComboFix 08-05-15.3 - jaroslav zelenak 2008-05-18 18:14:36.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.99 [GMT 2:00]
Running from: C:\Documents and Settings\jaroslav zelenak\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\jaroslav zelenak\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\qpmd8376.bin
C:\WINDOWS\eova.exe
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\nldfmtapgpv.dll
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\byXRjjKC.dll
C:\WINDOWS\system32\ekjdunkp.dll
C:\WINDOWS\system32\ortmxkdv.dll
C:\WINDOWS\system32\vdkxmtro.ini
C:\WINDOWS\system32\xxyayAPF.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\qpmd8376.bin
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 15:27 . 2008-05-18 15:27 90,752 --a------ C:\WINDOWS\system32\wtptjetj.dll
2008-05-18 10:17 . 2008-05-18 10:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 10:14 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-17 22:54 . 2008-05-17 22:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 22:37 . 2008-05-18 13:49 <DIR> d-------- C:\SDFix
2008-05-17 22:20 . 2008-05-17 22:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-16 23:18 . 2008-05-16 23:18 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:51 . 2008-05-16 19:51 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-16 18:48 . 2008-05-16 18:50 3,260 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-16 18:47 . 2003-03-27 09:48 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-16 18:35 . 2005-07-12 11:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-05-16 18:35 . 2005-07-12 11:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-05-16 18:34 . 2008-05-18 09:51 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-16 18:34 . 2008-05-16 18:35 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-16 18:34 . 2003-03-11 19:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-16 18:34 . 2003-03-11 19:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-16 18:34 . 2003-03-11 19:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-16 18:34 . 2008-05-16 18:36 22,993 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-05-16 18:34 . 2005-07-12 11:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-05-16 18:33 . 2005-07-27 18:42 1,583 -ra------ C:\WINDOWS\system32\lxcc.loc
2008-05-16 18:31 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-16 18:31 . 2005-04-28 08:07 65,536 -ra------ C:\WINDOWS\system32\lxcccfg.dll
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-16 15:14 . 2008-05-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-16 14:53 . 2008-05-16 14:53 <DIR> d---s---- C:\Documents and Settings\jaroslav zelenak\UserData
2008-05-16 13:37 . 2008-05-16 13:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 12:40 . 2008-05-16 12:40 <DIR> d-------- C:\Program Files\ESET
2008-05-16 10:49 . 2008-05-16 10:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 10:45 . 2008-05-16 10:45 <DIR> d-------- C:\Program Files\Opera
2008-05-16 10:45 . 2008-05-18 18:14 <DIR> d-------- C:\Documents and Settings\jaroslav zelenak\Plocha
2008-05-16 10:37 . 2008-05-16 10:37 <DIR> d-------- C:\icons
2008-05-16 10:21 . 2008-05-16 10:21 <DIR> d-------- C:\Program Files\Dreamweaver Interface Improver
2008-05-16 10:20 . 2003-07-30 18:28 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-16 10:20 . 2003-07-30 18:28 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:20 . 2003-07-30 18:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-16 10:07 . 2004-08-17 17:49 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-16 10:06 . 2004-08-17 17:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-16 10:05 . 2008-05-16 08:51 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2008-05-16 10:05 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 23:04 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2008-05-16 10:05 . 2008-05-16 23:20 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-05-16 10:04 . 2008-05-16 10:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:55 <DIR> d--h----- C:\Documents and Settings\Default User
2008-05-16 10:04 . 2008-05-17 22:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-05-16 10:04 . 2008-05-16 09:13 <DIR> d-------- C:\Documents and Settings
2008-05-16 10:03 . 2008-05-16 08:58 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-16 10:01 . 2008-05-16 10:01 1 --a------ C:\WINDOWS\system32\FlashPaperPrinterPort
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 17:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 08:20 --------- d-----w C:\Program Files\Macromedia
2008-05-16 08:20 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-05-16 07:56 --------- d-----w C:\Program Files\Common Files\InstallShield
.
((((((((((((((((((((((((((((( snapshot_2008-05-18_18.08.56.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 16:03:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 16:17:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-17 14:49:22 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.EXE /AUTORUN
\Shell\configure\command - F:\setup.EXE
\Shell\install\command - F:\setup.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 18:17:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2008-05-18 18:23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 16:22:29
ComboFix2.txt 2008-05-18 16:10:00
ComboFix3.txt 2008-05-18 13:26:17
Adresářů: 10, Volných bajtů: 16,490,586,112
Adresářů: 11, Volných bajtů: 16,453,709,824
......................................................................................................................................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:48, on 18.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dreamweaver Interface Improver.lnk = C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 4472 bytes
I am so grateful to you for being so helpful.
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.99 [GMT 2:00]
Running from: C:\Documents and Settings\jaroslav zelenak\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\jaroslav zelenak\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\qpmd8376.bin
C:\WINDOWS\eova.exe
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\nldfmtapgpv.dll
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\byXRjjKC.dll
C:\WINDOWS\system32\ekjdunkp.dll
C:\WINDOWS\system32\ortmxkdv.dll
C:\WINDOWS\system32\vdkxmtro.ini
C:\WINDOWS\system32\xxyayAPF.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\qpmd8376.bin
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 15:27 . 2008-05-18 15:27 90,752 --a------ C:\WINDOWS\system32\wtptjetj.dll
2008-05-18 10:17 . 2008-05-18 10:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 10:14 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-17 22:54 . 2008-05-17 22:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 22:37 . 2008-05-18 13:49 <DIR> d-------- C:\SDFix
2008-05-17 22:20 . 2008-05-17 22:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-16 23:18 . 2008-05-16 23:18 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:51 . 2008-05-16 19:51 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-16 18:48 . 2008-05-16 18:50 3,260 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-16 18:47 . 2003-03-27 09:48 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-16 18:35 . 2005-07-12 11:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-05-16 18:35 . 2005-07-12 11:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-05-16 18:34 . 2008-05-18 09:51 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-16 18:34 . 2008-05-16 18:35 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-16 18:34 . 2003-03-11 19:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-16 18:34 . 2003-03-11 19:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-16 18:34 . 2003-03-11 19:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-16 18:34 . 2008-05-16 18:36 22,993 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-05-16 18:34 . 2005-07-12 11:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-05-16 18:33 . 2005-07-27 18:42 1,583 -ra------ C:\WINDOWS\system32\lxcc.loc
2008-05-16 18:31 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-16 18:31 . 2005-04-28 08:07 65,536 -ra------ C:\WINDOWS\system32\lxcccfg.dll
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-16 15:14 . 2008-05-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-16 14:53 . 2008-05-16 14:53 <DIR> d---s---- C:\Documents and Settings\jaroslav zelenak\UserData
2008-05-16 13:37 . 2008-05-16 13:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 12:40 . 2008-05-16 12:40 <DIR> d-------- C:\Program Files\ESET
2008-05-16 10:49 . 2008-05-16 10:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 10:45 . 2008-05-16 10:45 <DIR> d-------- C:\Program Files\Opera
2008-05-16 10:45 . 2008-05-18 18:14 <DIR> d-------- C:\Documents and Settings\jaroslav zelenak\Plocha
2008-05-16 10:37 . 2008-05-16 10:37 <DIR> d-------- C:\icons
2008-05-16 10:21 . 2008-05-16 10:21 <DIR> d-------- C:\Program Files\Dreamweaver Interface Improver
2008-05-16 10:20 . 2003-07-30 18:28 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-16 10:20 . 2003-07-30 18:28 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:20 . 2003-07-30 18:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-16 10:07 . 2004-08-17 17:49 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-16 10:06 . 2004-08-17 17:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-16 10:05 . 2008-05-16 08:51 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2008-05-16 10:05 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 23:04 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2008-05-16 10:05 . 2008-05-16 23:20 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-05-16 10:04 . 2008-05-16 10:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:55 <DIR> d--h----- C:\Documents and Settings\Default User
2008-05-16 10:04 . 2008-05-17 22:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-05-16 10:04 . 2008-05-16 09:13 <DIR> d-------- C:\Documents and Settings
2008-05-16 10:03 . 2008-05-16 08:58 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-16 10:01 . 2008-05-16 10:01 1 --a------ C:\WINDOWS\system32\FlashPaperPrinterPort
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 17:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 08:20 --------- d-----w C:\Program Files\Macromedia
2008-05-16 08:20 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-05-16 07:56 --------- d-----w C:\Program Files\Common Files\InstallShield
.
((((((((((((((((((((((((((((( snapshot_2008-05-18_18.08.56.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 16:03:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 16:17:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-17 14:49:22 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.EXE /AUTORUN
\Shell\configure\command - F:\setup.EXE
\Shell\install\command - F:\setup.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 18:17:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2008-05-18 18:23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 16:22:29
ComboFix2.txt 2008-05-18 16:10:00
ComboFix3.txt 2008-05-18 13:26:17
Adresářů: 10, Volných bajtů: 16,490,586,112
Adresářů: 11, Volných bajtů: 16,453,709,824
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:48, on 18.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dreamweaver Interface Improver.lnk = C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 4472 bytes
I'm terribly grateful that you're so helpful.

Re: Please help - YOUR PRIVACY IS IN DANGER
It seems to have helped, because nothing pops up any more and it looks the way it did before.
- fredik, Security team member (Master Level 7, Posts: 4680, Registered: July 06)
Re: Please help - YOUR PRIVACY IS IN DANGER
Download the program OTMoveIt2 (by OldTimer), save it to drive C and run it.
- Into the left column (Paste List Of Files/Folders to Move) copy these paths:
[kill explorer]
C:\WINDOWS\system32\wtptjetj.dll
EmptyTemp
[start explorer]
- After copying, click the MoveIt! button and then paste here the whole contents of the right column, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. It is not possible to reply to such PMs.
Re: Please help - YOUR PRIVACY IS IN DANGER
Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wtptjetj.dll
C:\WINDOWS\system32\wtptjetj.dll NOT unregistered.
C:\WINDOWS\system32\wtptjetj.dll moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05202008_212902
Thank you for the help

- fredik, Security team member
Re: Please help - YOUR PRIVACY IS IN DANGER
Go via Start -> Run... and type into the window this command marked in blue: ComboFix /u and press OK.
- there must be a space between ComboFix and /u
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Fix this item in HJT if it is still there:
Run HijackThis again and tick the box in front of the line:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
after ticking it, click the Fix Checked button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Run OTMoveIt again and click the CleanUp! button. A list will load and a message will appear; answer Yes. When it has finished it will ask for a restart; allow it again with Yes.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
For better security I would recommend installing a firewall; you can choose one of those listed here or another from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English + guide
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download and run T-cleaner and follow the instructions.
- alternatively you can also clean the PC of temporary files, e.g. using: CCleaner
You're welcome; if there is any problem, let me know.