
Trojan that attacked Windows - how to destroy it?  Solved

Posted: 28 Jun 2008 16:52
by pistabaci
Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted.This Way lead to the destruction of important files in: c:/Windows. Download protection software now! Click OK to download the antispiware.Recommended.

So this is the message I got, and the machine, mainly when it has to use explorer.exe, freezes completely and keeps showing the English text above over and over. After installing the software in question (ie-antivirus), it reports detections but does not remove them, only after purchasing the software. Besides that, the system often throws a message about insufficient virtual memory.
Common antivirus programs such as NOD32, dr.WEB and Avira, and the anti-spyware tools Search and Destroy, Ad-Aware and Spyware Doctor, did not cure it. I tried ComboFix, without success. System Restore does not help. Can some kind soul advise me? I am quite afraid to reinstall Windows because I could lose some of my data, and I have not yet made a backup with Acronis True Image.......

Thank you.

:evil:

Re: Trojan that attacked Windows - how to destroy it?

Posted: 28 Jun 2008 17:13
by bereline
I had the same thing .. post a HiJackThis log here and wait for someone who will go through it for you :wink:

Re: Trojan that attacked Windows - how to destroy it?

Posted: 28 Jun 2008 17:43
by pistabaci
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\windows\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\windows\System32\alg.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFService.exe
E:\INSTALACKY\PicPick\picpick.exe
C:\windows\explorer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\WinOverBoost\wob2.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: InlineSearchHandleHotKeys Class - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\windows\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10367 bytes

Re: Trojan that attacked Windows - how to destroy it?

Posted: 28 Jun 2008 21:42
by zlobyl
Use ComboFix (but turn off all resident shields before using it):

fredik wrote: Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Trojan that attacked Windows - how to destroy it?

Posted: 28 Jun 2008 21:53
by pistabaci
ComboFix 08-06-20.4 - pistabaci 2008-06-28 21:18:08.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.178 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\regedit.com
C:\windows\system32\taskmgr.com
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
.
---- Previous Run -------
.
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-28 17:25 . 2008-06-28 17:25 26 --a------ C:\WINDOWS\Lic.xxx
2008-06-28 17:02 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-06-28 17:02 . 2007-05-11 16:27 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-06-28 15:37 . 2008-06-28 15:37 <DIR> d-------- C:\Program Files\ThreatFire
2008-06-27 19:00 . 2008-06-28 21:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 18:14 . 2008-06-28 14:30 495 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-27 13:57 . 2008-06-27 13:57 <DIR> d-------- C:\Program Files\IObit
2008-06-27 06:28 . 2008-06-27 06:28 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-24 21:54 . 2008-06-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\ćablony
2008-06-24 21:52 . 2008-06-24 21:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-23 20:53 . 2008-06-27 21:01 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-23 20:53 . 2008-06-23 20:53 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 06:09 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-21 01:05 . 2008-06-26 15:22 <DIR> d-------- C:\Program Files\Crawler
2008-06-20 23:20 . 2008-06-28 14:40 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-19 00:31 . 2008-06-18 20:32 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-28 07:17 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\WINDOWS\zeta.exe
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-17 10:06 . 2008-06-17 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 10:06 . 2008-06-17 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 18:18 --------- d-----w C:\Program Files\IEPro
2008-06-27 16:34 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-27 03:30 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-26 22:48 --------- d-----w C:\Program Files\FlashFXP
2008-06-26 22:26 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-26 15:17 --------- d-----w C:\Program Files\WhatsRunning
2008-06-25 16:38 --------- d-----w C:\Program Files\ApexDC++
2008-06-24 03:05 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-26 16:42 --------- d-----w C:\Program Files\Realtek AC97
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-04-14 19:03 8,192 ----a-w C:\ntuser.dat
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ----a-w C:\windows\system32\ati2sgag.exe
2008-03-28 17:41 7,680 ----a-w C:\windows\system32\ff_vfw.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2007-08-27 13:13 5,848 -c--a-w C:\Documents and Settings\pistabaci\xClamAVServerSources.zip
2007-08-21 20:01 638,976 -c--a-w C:\Documents and Settings\pistabaci\libclamav.dll
2007-05-03 01:03 30,208 -c--a-w C:\Documents and Settings\pistabaci\pthreadVC2.dll
2006-10-25 04:17 417,792 -c--a-w C:\Documents and Settings\pistabaci\clamav.dll
2005-09-23 04:56 479,232 -c--a-w C:\Documents and Settings\pistabaci\msvcm80.dll
2005-09-22 21:05 626,688 -c--a-w C:\Documents and Settings\pistabaci\msvcr80.dll
2005-09-22 21:05 548,864 -c--a-w C:\Documents and Settings\pistabaci\msvcp80.dll
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-12-23 15:57 848 -csha-w C:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-23 20:53 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys [2008-04-25 00:52]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys [2008-04-25 00:52]
R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 20:53]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 TfNetMon;TfNetMon;C:\windows\system32\drivers\TfNetMon.sys [2008-04-25 00:52]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:22:34 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-28 14:30:25 C:\windows\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-06-28 18:00:20 C:\windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro
"2008-06-28 18:56:09 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-28 19:36:05 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-28 19:36:09 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-28 07:32:00 C:\windows\Tasks\Úklid 1 kliknutím.job"

Re: Trojan that attacked Windows - how to destroy it?

Posted: 28 Jun 2008 23:11
by zlobyl
Use a script in ComboFix:

Copy the following text into Notepad (Start-Run-Notepad) and save it to the Desktop as CFScript.txt.
(do not use the Select all function!)

Code: Select all

File::
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\Documents and Settings\pistabaci\pthreadVC2.dll
C:\Documents and Settings\pistabaci\msvcm80.dll
C:\Documents and Settings\pistabaci\msvcr80.dll
C:\Documents and Settings\pistabaci\msvcp80.dll
C:\WINDOWS\system32\KGyGaAvL.sys

Folder::
C:\WINDOWS\zeta.exe


Then drag this file onto the ComboFix icon and run it. (I assume you also have ComboFix on the Desktop.)

Then post the log it produces here.

Re: Trojan that attacked Windows - how to destroy it?

Posted: 29 Jun 2008 08:40
by pistabaci
I'm posting the log from ComboFix, but I think it found nothing. The page http://www.removeadware.com.au/articles ... gieantivir will probably be interesting, but then again I don't know English; would you take a look at it?

Thank you.

ComboFix 08-06-20.4 - pistabaci 2008-06-29 8:21:22.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.213 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\pistabaci\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\pistabaci\msvcm80.dll
C:\Documents and Settings\pistabaci\msvcp80.dll
C:\Documents and Settings\pistabaci\msvcr80.dll
C:\Documents and Settings\pistabaci\pthreadVC2.dll
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\pistabaci\msvcm80.dll
C:\Documents and Settings\pistabaci\msvcp80.dll
C:\Documents and Settings\pistabaci\msvcr80.dll
C:\Documents and Settings\pistabaci\pthreadVC2.dll
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\WINDOWS\ativpsrm.bin
C:\windows\mc\
C:\windows\mslagent\
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\KGyGaAvL.sys
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
C:\WINDOWS\zeta.exe
C:\WINDOWS\zeta.exe\Readme.txt
.
---- Previous Run -------
.
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\windows\regedit.com
C:\windows\system32\taskmgr.com
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-28 23:42 . 2008-06-28 23:51 <DIR> d-------- C:\Program Files\XoftSpySE
2008-06-28 22:36 . 2008-06-28 22:36 26,624 --a------ C:\WINDOWS\system32\xmlwin.dll
2008-06-28 22:19 . 2008-06-28 22:36 <DIR> d-------- C:\Program Files\IObit
2008-06-28 22:18 . 2008-06-28 22:18 26,624 --a------ C:\WINDOWS\system32\oggsys.dll
2008-06-28 17:25 . 2008-06-28 17:25 26 --a------ C:\WINDOWS\Lic.xxx
2008-06-28 17:02 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-06-28 17:02 . 2007-05-11 16:27 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-06-27 19:00 . 2008-06-28 23:10 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 06:28 . 2008-06-27 06:28 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-23 20:53 . 2008-06-28 22:34 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-23 20:53 . 2008-06-23 20:53 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 06:09 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-20 23:20 . 2008-06-28 14:40 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-28 07:17 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\WINDOWS\xpupdate.exe
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 20:12 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-06-28 20:10 --------- d-----w C:\Program Files\WhatsRunning
2008-06-28 20:09 --------- d-----w C:\Program Files\ApexDC++
2008-06-27 18:18 --------- d-----w C:\Program Files\IEPro
2008-06-27 16:34 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-27 03:30 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-26 22:48 --------- d-----w C:\Program Files\FlashFXP
2008-06-26 22:26 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-26 16:42 --------- d-----w C:\Program Files\Realtek AC97
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2007-08-27 13:13 5,848 -c--a-w C:\Documents and Settings\pistabaci\xClamAVServerSources.zip
2007-08-21 20:01 638,976 -c--a-w C:\Documents and Settings\pistabaci\libclamav.dll
2006-10-25 04:17 417,792 -c--a-w C:\Documents and Settings\pistabaci\clamav.dll
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_ 8.12.07.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 06:09:17 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-06-29 06:32:10 2,048 --s-a-w C:\windows\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD}]
2008-06-28 22:36 26624 --a------ C:\windows\system32\xmlwin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-23 20:53 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 20:53]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:22:34 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-28 20:36:53 C:\windows\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-06-28 20:36:53 C:\windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro
"2008-06-29 05:56:06 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-29 06:32:22 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-29 06:32:23 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-29 06:32:22 C:\windows\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-06-28 21:43:10 C:\windows\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-06-28 07:32:00 C:\windows\Tasks\Úklid 1 kliknutím.job"

Re: Trojan that attacked Windows - how to destroy it?

Posted: 29 Jun 2008 12:19
by pistabaci
I think we hit the nail on the head
http://www.malwareteks.com/FixIEDef.php
http://www.superantispyware.com/ also found and eliminated about 100 pieces of junk.

yaJohny and the others from PC Fórum, great, thank you.

:D

Confirmed: the system runs without problems and all programs work.
Two days of horror are over.
Hooray.

:banana: :banana: :banana:

Re: Trojan that attacked Windows - how to destroy it?

Posted: 29 Jun 2008 23:39
by zlobyl
Well, if it works, I'm only glad. :P

You can uninstall ComboFix:

Start-Run and enter ComboFix[space]/u

Re: Trojan that attacked Windows - how to destroy it?

Posted: 30 Jun 2008 18:48
by Kastelán
[quote="pistabaci"]Here is HijackThis:

According to the analysis, this is bad:
Visitor's assessment Analyzerdetails
E:\INSTALACKY\PicPick\picpick.exe

Druh


Nasty (2.91 / 5.00)

Re: Trojan that attacked Windows - how to destroy it?

Posted: 01 Jul 2008 14:46
by zlobyl
To Kastelán:

This topic is already solved!
Kindly start your own topic, and definitely make the description of your problem more specific so that it makes sense!!