Logfile of HijackThis v1.99.1
Scan saved at 15:57: VIRUS ALERT!, on 10.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Documents and Settings\Andy\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andy\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fqbewlna - {9F342F63-3E27-4BB6-8A01-D7C2C6FEB055} - C:\WINDOWS\fqbewlna.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [7cceb3f5] rundll32.exe "C:\WINDOWS\system32\npbsemkj.dll",b
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andy\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: mgxfebsq - {281F19D7-F39C-4D4B-9339-B206E1BAAE28} - C:\WINDOWS\mgxfebsq.dll
O21 - SSODL: dtseqrxk - {F74CC9EA-F18D-4CEF-9654-E18279DDCF50} - C:\WINDOWS\dtseqrxk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
ComboFix 08-09-05.14 - Andy 2008-09-10 16:53:29.2 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.382 [GMT 2:00]
Spusteny z: C:\Documents and Settings\Andy\Plocha\ComboFix.exe
VAROVANI - NA TOMTO POCITACI NENI NAINSTALOVANA KONZOLA PRO ZOTAVENI !!.
((((((((((((((((((((((((((((((((((((((( Ostatni vymazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Andy\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Andy\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Andy\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Andy\Plocha\Error Cleaner.url
C:\Documents and Settings\Andy\Plocha\Privacy Protector.url
C:\Documents and Settings\Andy\Plocha\Spyware&Malware Protection.url
C:\Program Files\PCHealthCenter
.
---- Previous Run -------
.
C:\Documents and Settings\Andy\Dokumenty\DOBE~1
C:\Documents and Settings\Andy\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Andy\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Andy\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Andy\Plocha\Error Cleaner.url
C:\Documents and Settings\Andy\Plocha\Privacy Protector.url
C:\Documents and Settings\Andy\Plocha\Spyware&Malware Protection.url
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\Temporary
C:\WINDOWS\erkn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\jkmesbpn.ini
C:\WINDOWS\system32\mlJYrspq.dll
C:\WINDOWS\system32\npbsemkj.dll
C:\WINDOWS\system32\qoMcdDUM.dll
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\smante~1\S?mantec\
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tEfilUvw.ini
C:\WINDOWS\system32\tEfilUvw.ini2
.
((((((((((((((((((((((((( Soubory vytvorene od 2008-08-10 do 2008-09-10 )))))))))))))))))))))))))))))))
.
2008-09-10 16:48 . 2008-09-10 16:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-10 16:14 . 2008-09-10 16:52 <DIR> d-------- C:\327882R2FWJFW
2008-09-10 14:16 . 2008-09-10 14:16 322,048 --a------ C:\WINDOWS\system32\wvUlifEt.dll
2008-09-10 14:11 . 2008-09-10 14:11 88,878 --a------ C:\WINDOWS\system32\casino3.ico
2008-09-10 14:11 . 2008-09-10 14:11 88,878 --a------ C:\WINDOWS\system32\casino2.ico
2008-09-10 14:11 . 2008-09-10 14:11 88,878 --a------ C:\WINDOWS\system32\casino1.ico
2008-09-10 14:11 . 2008-09-10 14:11 14,848 --a------ C:\WINDOWS\system32\tdsspopup.dll
2008-09-10 14:11 . 2008-09-10 14:11 120 --a------ C:\WINDOWS\system32\tdsspopup3.url
2008-09-10 14:11 . 2008-09-10 14:11 120 --a------ C:\WINDOWS\system32\tdsspopup2.url
2008-09-10 14:11 . 2008-09-10 14:11 120 --a------ C:\WINDOWS\system32\tdsspopup1.url
2008-09-10 14:08 . 2008-09-10 09:20 335,872 --a------ C:\WINDOWS\dtseqrxk.dll
2008-09-10 14:08 . 2008-09-10 09:21 135,168 --a------ C:\WINDOWS\mqgldfvo.exe
2008-09-10 14:07 . 2008-09-10 09:20 364,544 --a------ C:\WINDOWS\vmgspntbter.dll
2008-09-10 14:07 . 2008-09-10 09:20 229,376 --a------ C:\WINDOWS\mgxfebsq.dll
2008-09-10 14:07 . 2008-09-10 09:20 192,512 --a------ C:\WINDOWS\fqbewlna.dll
2008-08-31 17:52 . 2008-08-31 17:52 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-29 10:07 . 2008-08-29 10:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-29 10:07 . 2008-08-29 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2008-08-28 19:41 . 2008-09-02 20:56 <DIR> d-------- C:\Documents and Settings\Andy\Data aplikací\OpenOffice.org2
2008-08-28 19:19 . 2008-08-29 22:03 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-28 13:11 . 2008-08-28 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-08-27 08:35 . 2008-08-27 08:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-27 08:34 . 2008-08-27 08:34 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-10 12:53 . 2008-08-10 12:53 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M vypis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 12:40 --------- d-----w C:\Documents and Settings\Andy\Data aplikací\uTorrent
2008-09-10 12:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\avg8
2008-09-03 20:46 --------- d-----w C:\Program Files\uTorrent
2008-08-31 07:46 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-29 08:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 06:36 --------- d-----w C:\Documents and Settings\Andy\Data aplikací\Skype
2008-08-27 06:35 --------- d-----w C:\Documents and Settings\Andy\Data aplikací\skypePM
2008-08-21 06:07 --------- d-----w C:\Program Files\QIP Infium
2008-08-11 16:55 713,728 ----a-w C:\WINDOWS\system32\opengl32.dll.tmp
2008-08-10 11:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-08-10 10:53 --------- d-----w C:\Program Files\Yahoo!
2008-08-08 19:21 --------- d-----w C:\Program Files\Kantaris
2008-08-08 19:15 --------- d-----w C:\Documents and Settings\Andy\Data aplikací\kantaris
2008-08-08 18:38 --------- d-----w C:\Documents and Settings\Andy\Data aplikací\kiwi.software.NET
2008-08-08 18:29 --------- d-----w C:\Program Files\kiwi.software.NET
2008-08-03 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 16:40 --------- d-----w C:\Program Files\Common Files\Canon
2008-07-21 07:40 --------- d-----w C:\Program Files\Java
2008-07-20 14:36 --------- d-----w C:\Program Files\Flock
2008-07-20 14:36 --------- d-----w C:\Documents and Settings\Andy\Data aplikací\Flock
2008-07-20 11:47 --------- d-----w C:\Program Files\Lavasoft
2008-07-20 11:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 11:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-07-14 20:45 --------- d-----w C:\Program Files\iTunes
2008-07-14 20:45 --------- d-----w C:\Program Files\iPod
2008-07-08 23:16 995,328 ----a-w C:\WINDOWS\system32\W20MLRes.dll
2008-07-08 23:16 409,667 ----a-w C:\WINDOWS\system32\W20NCPA.dll
2008-07-04 08:01 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-02-21 10:54 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-02-05 10:19 1,217 ----a-w C:\Program Files\ZCUrootCA.cer
.
(((((((((((((((((((((((((((((((((( Spousteci body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznamka* prazdne zaznamy & legitimni vychozi udaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AFB6F98-289C-442E-B577-5E5125C742E2}]
C:\WINDOWS\system32\mlJYrspq.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72FFF2D8-3FB3-4DB5-8543-34A57F4F9898}]
2008-09-10 14:16 322048 --a------ C:\WINDOWS\system32\wvUlifEt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6EE5875-4854-4408-B12D-3290883D966E}]
2008-09-10 09:20 364544 --a------ C:\WINDOWS\vmgspntbter.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9F342F63-3E27-4BB6-8A01-D7C2C6FEB055}"= "C:\WINDOWS\fqbewlna.dll" [2008-09-10 192512]
[HKEY_CLASSES_ROOT\clsid\{9f342f63-3e27-4bb6-8a01-d7c2c6feb055}]
[HKEY_CLASSES_ROOT\fqbewlna.1]
[HKEY_CLASSES_ROOT\TypeLib\{91DCF0F9-6943-48A2-9B54-30201F7253A0}]
[HKEY_CLASSES_ROOT\fqbewlna]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Andy\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 1347584]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6AFB6F98-289C-442E-B577-5E5125C742E2}"= "C:\WINDOWS\system32\mlJYrspq.dll" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mgxfebsq"= {281F19D7-F39C-4D4B-9339-B206E1BAAE28} - C:\WINDOWS\mgxfebsq.dll [2008-09-10 229376]
"dtseqrxk"= {F74CC9EA-F18D-4CEF-9654-E18279DDCF50} - C:\WINDOWS\dtseqrxk.dll [2008-09-10 335872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 03:20 188482 C:\WINDOWS\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.vp31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup]
C:\Program Files\DAEMON Tools Lite\AdVantageSetup.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-11-10 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-08-31 09:46 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 14:05 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
--------- 2006-10-12 15:57 102400 C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2008-06-18 23:00 3144800 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\games\\q3ademo\\quake3.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-03 33824]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [ ]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [ ]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 69120]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c5db873-dfbe-11dc-a611-b14dbef7b86c}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
.
Obsah adresare 'Naplanovane ulohy'
.
- - - - NEPLATNE POLOZKY ODSTRANENE Z REGISTRU - - - -
BHO-{4114BACC-5724-2B88-5410-5E00BCC7DDB9} - (no file)
HKLM-Run-7cceb3f5 - C:\WINDOWS\system32\npbsemkj.dll
.
------- Doplnkovy sken -------
.
FireFox -: Profile - C:\Documents and Settings\Andy\Data aplikací\Mozilla\Firefox\Profiles\5ln6zvm7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - About:Blank
FF -: plugin - C:\Documents and Settings\Andy\Local Settings\Data aplikací\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-10 16:55:57
Windows 5.1.2600 Service Pack 2 NTFS
skenovani skrytych procesu ...
skenovani skrytych polozek 'Po spusteni' ...
skenovani skrytych souboru ...
sken byl uspesne dokoncen
skryte soubory: 0
**************************************************************************
.
Celkovy cas: 2008-09-10 16:57:43
ComboFix-quarantined-files.txt 2008-09-10 14:57:07
Pre-Run: 4,462,936,064
Post-Run: 4,454,641,664
272
UFF... it didn't work even via CD... in the end I had to send it over there via ICQ...
it was a struggle..