Hi, NOD32 suddenly started reporting that I have Win32\Adware.Virtumond and I don't know how to get rid of it. I tried Spyware Terminator and NOD32, but neither of them could deal with it. Here is the log from HijackThis; please help me. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:45:52, on 2.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS WLAN Adapter\ACU.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINDOWS\smss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Documents and Settings\Administrator\Plocha\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16E18809-1D7A-4D85-9592-9F9003A6CDAB} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - (no file)
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINDOWS\system32\nnnoljg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ofecriku.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACU] "C:\Program Files\ASUS WLAN Adapter\ACU.exe" -nogui
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ljlrssgx.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: nnnoljg - C:\WINDOWS\SYSTEM32\nnnoljg.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASUS Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
//asking the same question twice does not mean a faster answer, so I deleted one of them
//Karlos
Win32\Adware.Virtumond
1. Turn off System Restore:
right-click My Computer > Properties > System Restore, tick the box and click OK, confirm and restart the PC.
However, do not turn it back on right away; turn it on only after we have finished removing the malware from your PC.
2. In HJT, fix:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
And restart the PC.
3. After the restart, download Avenger and run it under an administrator account.
Tick the option "Input script manually" and click the magnifying-glass icon; an empty window will pop up, into which you copy the text marked in bold:
Files to delete:
C:\WINDOWS\smss.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\dsrss.exe
C:\WINDOWS\SYSTEM32\winexz32.dll
And click Done.
Then click the traffic-light icon.
A prompt will pop up where you click Yes, then another prompt where you click Yes.
The PC will restart. After the restart the Avenger log should pop up, so copy it here.
4. Uninstall WinPop and Crawler or Crawler Toolbar via Add/Remove Programs.
Once you have uninstalled them, delete these folders:
C:\PROGRA~1\Crawler
C:\Program Files\WinPop
5. Go to Start > Run and copy these three commands into the empty box, one after another:
sc stop MSWinLogonProcService
and press Enter.
Then copy this command there:
sc config MSWinLogonProcService start= disabled
Press Enter.
And finally copy this command there:
sc delete MSWinLogonProcService
Press Enter again and restart the PC.
6. After the restart, follow this guide
Use VundoFix
However, the guide was written for an old version, so I have two remarks:
1. As soon as you launch it, click Scan for Vundo
2. It is possible that VundoFix will start again automatically after the restart; that means some of the infected files it found could not be deleted. In that case, repeat the VundoFix procedure.
And post the VundoFix log here, located at C:\VundoFix.txt
7. Then download the new version of HijackThis, available for download here, and post the log from the new version.
But before you download the new version, delete the old one.
So then post the VundoFix log + the Avenger log + the new HJT log here.
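The entries fixed in step 2 and deleted in step 3 include executables named after core Windows processes (smss.exe, winlogon.exe) that sit directly in C:\WINDOWS. The following is an added example, not part of the original posts: a sketch that scans HijackThis output for that pattern. The function name and the table of expected folders are assumptions (Windows XP defaults, installed in C:\WINDOWS as in the log above); the sample lines are copied from the first post's log.

```python
import ntpath
import re

# Assumed default locations on a Windows XP install rooted at C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "ctfmon.exe": SYSTEM32, "rundll32.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# A drive-rooted path ending in .exe; stops at quotes so DLL arguments
# passed to rundll32 are not mistaken for an executable path.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe\b', re.IGNORECASE)
ENTRY = re.compile(r"^([A-Z]\d+) - ")                    # R0, O4, O23, ...
RUN_NAME = re.compile(r"^O4 - .*?: \[(.+?)\]")           # Run value name
SERVICE_NAME = re.compile(r"^O23 - Service: .*\((\w+)\) - ")  # service short name


def find_masquerading(log_text):
    """Return entries whose file name is a core process but whose folder is not
    the one that process normally lives in (hypothetical helper)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            section = entry.group(1)
        elif EXE_PATH.fullmatch(line):
            section = "process"      # bare path from the "Running processes" list
        else:
            continue                 # header or other non-entry line
        label = None
        for pattern in (RUN_NAME, SERVICE_NAME):
            m = pattern.match(line)
            if m:
                label = m.group(1)
        for path in EXE_PATH.findall(line):
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            expected = EXPECTED_DIR.get(name)
            if expected and folder != expected:
                findings.append({"section": section, "label": label,
                                 "path": path, "expected_dir": expected})
    return findings


# Lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ljlrssgx.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for f in find_masquerading(SAMPLE_LOG):
        print(f"{f['section']:8} {f['label'] or '-':45} {f['path']}")
```

The check only covers name/location mismatches; the randomly named DLLs in the log (BHO, Winlogon Notify and rundll32 entries) need the dedicated tools used in the later steps.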
Run HijackThis; if you have the new version 2.0.2, click the Scan button at the bottom left; when the scan finishes, tick the box in front of the item that was marked for fixing and click the Fix checked button.
If you still have an older version of HijackThis, download the new one; the link is in my previous post.
Here is the log from VundoFix
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 15:03:15 2.8.2007
Listing files found while scanning....
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\windows\system32\ipyobcbg.dll
C:\WINDOWS\system32\mljgg.dll
C:\windows\system32\oiigfgua.dll
C:\windows\system32\qgvswsbs.dll
C:\windows\system32\ymbhsyli.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini Has been deleted!
Attempting to delete C:\windows\system32\ipyobcbg.dll
C:\windows\system32\ipyobcbg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!
Attempting to delete C:\windows\system32\oiigfgua.dll
C:\windows\system32\oiigfgua.dll Has been deleted!
Attempting to delete C:\windows\system32\qgvswsbs.dll
C:\windows\system32\qgvswsbs.dll Has been deleted!
Attempting to delete C:\windows\system32\ymbhsyli.dll
C:\windows\system32\ymbhsyli.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 15:08:28 2.8.2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 20:33:26 2.8.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Here is the one from HJT
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 15:03:15 2.8.2007
Listing files found while scanning....
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\windows\system32\ipyobcbg.dll
C:\WINDOWS\system32\mljgg.dll
C:\windows\system32\oiigfgua.dll
C:\windows\system32\qgvswsbs.dll
C:\windows\system32\ymbhsyli.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini Has been deleted!
Attempting to delete C:\windows\system32\ipyobcbg.dll
C:\windows\system32\ipyobcbg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!
Attempting to delete C:\windows\system32\oiigfgua.dll
C:\windows\system32\oiigfgua.dll Has been deleted!
Attempting to delete C:\windows\system32\qgvswsbs.dll
C:\windows\system32\qgvswsbs.dll Has been deleted!
Attempting to delete C:\windows\system32\ymbhsyli.dll
C:\windows\system32\ymbhsyli.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 15:08:28 2.8.2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 20:33:26 2.8.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
If Avenger didn't show you anything, copy its log here; it is located at C:\avenger.txt.
And apply ComboFix:
Download ComboFix, close all open windows and run it.
Follow the instructions; while ComboFix is running, do not click into the window that appears, because that may stall the process.
When it finishes, a log is created, so copy its contents here.
(The computer may restart; that will be because ComboFix found infected files and restarts the PC in order to delete them.)
Administrator rights are required to run ComboFix.
The ComboFix log is located at C:\ComboFix.txt
+ post a new HJT log here.
ComboFix 07-07-30.2 - "Administrator" 2007-08-02 21:11:14.2 [GMT 2:00] - NTFS
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.True
((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))
2007-08-02 21:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 17:15 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-02 17:15 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-02 15:03 <DIR> d-------- C:\VundoFix Backups
2007-08-01 22:46 125,504 --a------ C:\WINDOWS\system32\ljlrssgx.dll
2007-08-01 18:37 125,504 --a------ C:\WINDOWS\system32\gmrbeelc.dll
2007-08-01 18:37 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-31 14:26 <DIR> d-------- C:\Program Files\uTorrent
2007-07-31 14:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\uTorrent
2007-07-31 14:01 <DIR> d-------- C:\Program Files\QIP
2007-07-30 20:43 125,504 --a------ C:\WINDOWS\system32\samkhxgg.dll
2007-07-30 15:34 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-30 15:34 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-30 15:34 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-30 15:19 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-07-30 15:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-07-30 15:15 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-29 20:47 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2007-07-29 20:46 60,255 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2007-07-29 20:46 549,421 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2007-07-29 20:46 36,864 -ra------ C:\WINDOWS\system32\stmclean.exe
2007-07-29 20:46 253,952 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2007-07-29 20:46 155,648 -ra------ C:\WINDOWS\system32\stmctrl.dll
2007-07-26 18:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-07-26 18:51 <DIR> d-------- C:\Program Files\Real
2007-07-26 18:51 <DIR> d-------- C:\Program Files\Common Files\Real
2007-07-26 18:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\Real
2007-07-26 18:50 <DIR> d-------- C:\Program Files\Webteh
2007-07-25 13:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-25 13:01 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-25 12:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-25 12:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 12:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-07-25 12:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-25 12:37 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-25 12:28 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-25 09:15 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-25 09:10 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-25 08:47 33 --a------ C:\WINDOWS\regprc32.bat
2007-07-25 08:47 126,016 --------- C:\WINDOWS\system32\djhmxhtq.dll
2007-07-25 08:44 388 --a------ C:\WINDOWS\urls.dat
2007-07-25 08:44 18,906 --a------ C:\WINDOWS\htmlcode.dat
2007-07-25 08:39 31,254 --a------ C:\WINDOWS\system32\nnnoljg.dll
2007-07-25 08:20 241,664 --a------ C:\WINDOWS\system32\fppmon1.dll
2007-07-25 08:20 102,400 --a------ C:\WINDOWS\system32\fppr132.dll
2007-07-25 08:19 974,848 --a------ C:\WINDOWS\system32\MFC70.dll
2007-07-25 08:19 54,784 --a------ C:\WINDOWS\system32\MSVCI70.dll
2007-07-25 08:19 487,424 --a------ C:\WINDOWS\system32\MSVCP70.dll
2007-07-25 08:19 344,064 --a------ C:\WINDOWS\system32\MSVCR70.dll
2007-07-25 08:19 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-25 08:16 545 --a------ C:\WINDOWS\UC.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\RAR.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\LHA.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\ARJ.PIF
2007-07-25 08:16 <DIR> d-------- C:\Program Files\totalcmd
2007-07-24 22:41 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-24 22:41 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-24 22:40 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-24 22:40 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-24 22:40 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-07-24 22:40 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-07-24 22:40 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-07-24 22:39 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-07-24 22:38 894,336 --a------ C:\WINDOWS\system32\drivers\smserial.sys
2007-07-24 22:38 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-07-24 22:38 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-07-24 22:38 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-07-24 22:38 155,648 --a------ C:\WINDOWS\system32\sm56coin.dll
2007-07-24 22:38 <DIR> dr------- C:\Program Files
2007-07-24 22:38 <DIR> d--hs---- C:\WINDOWS\Installer
2007-07-24 22:38 <DIR> d-------- C:\Program Files\Motorola
2007-07-24 22:38 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-24 22:38 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-24 22:37 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-24 22:37 9,291 --a------ C:\WINDOWS\system\VER.DLL
2007-07-24 22:37 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-24 22:37 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-24 22:37 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-07-24 22:37 75,264 --a------ C:\WINDOWS\system32\storprop.dll
2007-07-24 22:37 70,272 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-07-24 22:37 69,632 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-07-24 22:37 69,008 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-02 20:51 46214 --a------ C:\WINDOWS\system32\perfc005.dat
2007-08-02 20:51 309954 --a------ C:\WINDOWS\system32\perfh005.dat
2007-07-25 08:18 0 --a------ C:\WINDOWS\system32\drivers\1043_ASUSTeK_F3Tc.alu
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16E18809-1D7A-4D85-9592-9F9003A6CDAB}]
C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]
2007-07-25 08:39 31254 --a------ C:\WINDOWS\system32\nnnoljg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 18:58]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 16:29]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 14:00 C:\WINDOWS\RTHDCPL.exe]
"ACU"="C:\Program Files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 14:47]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-26 18:52]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 19:18 C:\WINDOWS\system32\stmctrl.dll]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-07-30 15:18]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-30 15:32]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{67475B4D-150D-44A4-B5DD-BC80D4C9361F}"= C:\WINDOWS\system32\nnnoljg.dll [2007-07-25 08:39 31254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoljg]
nnnoljg.dll 2007-07-25 08:39 31254 C:\WINDOWS\system32\nnnoljg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winexz32]
winexz32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 PSched;Pl novaź paket… technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 M3AD;Motorola Messenger Modem Audio Device;C:\WINDOWS\system32\drivers\m3aux.sys
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 21:13:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-02 21:14:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 21:14
--- E O F ---
2007-07-25 12:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 12:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-07-25 12:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-25 12:37 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-25 12:28 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-25 09:15 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-25 09:10 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-25 08:47 33 --a------ C:\WINDOWS\regprc32.bat
2007-07-25 08:47 126,016 --------- C:\WINDOWS\system32\djhmxhtq.dll
2007-07-25 08:44 388 --a------ C:\WINDOWS\urls.dat
2007-07-25 08:44 18,906 --a------ C:\WINDOWS\htmlcode.dat
2007-07-25 08:39 31,254 --a------ C:\WINDOWS\system32\nnnoljg.dll
2007-07-25 08:20 241,664 --a------ C:\WINDOWS\system32\fppmon1.dll
2007-07-25 08:20 102,400 --a------ C:\WINDOWS\system32\fppr132.dll
2007-07-25 08:19 974,848 --a------ C:\WINDOWS\system32\MFC70.dll
2007-07-25 08:19 54,784 --a------ C:\WINDOWS\system32\MSVCI70.dll
2007-07-25 08:19 487,424 --a------ C:\WINDOWS\system32\MSVCP70.dll
2007-07-25 08:19 344,064 --a------ C:\WINDOWS\system32\MSVCR70.dll
2007-07-25 08:19 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-25 08:16 545 --a------ C:\WINDOWS\UC.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\RAR.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\LHA.PIF
2007-07-25 08:16 545 --a------ C:\WINDOWS\ARJ.PIF
2007-07-25 08:16 <DIR> d-------- C:\Program Files\totalcmd
2007-07-24 22:41 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-24 22:41 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-24 22:40 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-24 22:40 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-24 22:40 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-07-24 22:40 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-07-24 22:40 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-07-24 22:39 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-07-24 22:38 894,336 --a------ C:\WINDOWS\system32\drivers\smserial.sys
2007-07-24 22:38 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-07-24 22:38 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-07-24 22:38 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-07-24 22:38 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-07-24 22:38 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-07-24 22:38 155,648 --a------ C:\WINDOWS\system32\sm56coin.dll
2007-07-24 22:38 <DIR> dr------- C:\Program Files
2007-07-24 22:38 <DIR> d--hs---- C:\WINDOWS\Installer
2007-07-24 22:38 <DIR> d-------- C:\Program Files\Motorola
2007-07-24 22:38 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-24 22:38 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-24 22:37 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-24 22:37 9,291 --a------ C:\WINDOWS\system\VER.DLL
2007-07-24 22:37 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-24 22:37 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-24 22:37 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-07-24 22:37 75,264 --a------ C:\WINDOWS\system32\storprop.dll
2007-07-24 22:37 70,272 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-07-24 22:37 69,632 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-07-24 22:37 69,008 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-02 20:51 46214 --a------ C:\WINDOWS\system32\perfc005.dat
2007-08-02 20:51 309954 --a------ C:\WINDOWS\system32\perfh005.dat
2007-07-25 08:18 0 --a------ C:\WINDOWS\system32\drivers\1043_ASUSTeK_F3Tc.alu
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16E18809-1D7A-4D85-9592-9F9003A6CDAB}]
C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]
2007-07-25 08:39 31254 --a------ C:\WINDOWS\system32\nnnoljg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 18:58]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 16:29]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 14:00 C:\WINDOWS\RTHDCPL.exe]
"ACU"="C:\Program Files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 14:47]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-26 18:52]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 19:18 C:\WINDOWS\system32\stmctrl.dll]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-07-30 15:18]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-30 15:32]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{67475B4D-150D-44A4-B5DD-BC80D4C9361F}"= C:\WINDOWS\system32\nnnoljg.dll [2007-07-25 08:39 31254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoljg]
nnnoljg.dll 2007-07-25 08:39 31254 C:\WINDOWS\system32\nnnoljg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winexz32]
winexz32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 M3AD;Motorola Messenger Modem Audio Device;C:\WINDOWS\system32\drivers\m3aux.sys
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 21:13:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-02 21:14:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 21:14
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:47, on 2.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS WLAN Adapter\ACU.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16E18809-1D7A-4D85-9592-9F9003A6CDAB} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINDOWS\system32\nnnoljg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ACU] "C:\Program Files\ASUS WLAN Adapter\ACU.exe" -nogui
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: nnnoljg - C:\WINDOWS\SYSTEM32\nnnoljg.dll
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASUS Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4932 bytes