Prosím o kontrolu - vyskakuje Kerio pokus o průnik

hujirek · Příspěvekod **hujirek** » 21 čer 2008 14:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:21, on 21. 6. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {0541290B-954E-4B9E-B9D0-907944A5F690} - C:\WINDOWS\system32\rqRLdDUL.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {327EC098-37D1-45B3-97C4-CD20F0B52CFC} - C:\WINDOWS\system32\pmnoLcBU.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3cf4a8ba] rundll32.exe "C:\WINDOWS\system32\gqfgfvdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: rqRLdDUL - C:\WINDOWS\SYSTEM32\rqRLdDUL.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver - Unknown owner - C:\WINDOWS\system32\HPHipm09.exe (file missing)

--
End of file - 8674 bytes

Reklama

bellatrix · Příspěvekod **bellatrix** » 21 čer 2008 14:26

1. Ukončite všetky aktívne okná (teda programy, ktoré ste mali spustené atď), deaktivujte rezidentný štít antispywaru (ak ho používate)
2. Stiahnite a uložte na plochu Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
3. Aplikáciu pustite pod účtom administrátora (teda ak máte všetky práva, tak pod vašim účtom)
4. Po štarte programu sa objavia licenčné podmienky -> potvrďte ich kliknutím na ano/yes
5. Sken môže trvať až 10 minút (niekedy aj viac). Počas skenu nespúštajte žiadne iné aplikácie a takisto radšej nikde neklikajte.
6. Počítač môže byť po dokončení reštartovaný.
7. Po reštarte (alebo bez neho) combofix vytvorí log, uložený bude v C:/Combofix.txt -> jeho celý obsah sem vložte

+ hod screen z Keria o tom prieniku

hujirek · Příspěvekod **hujirek** » 21 čer 2008 14:53

ComboFix 08-06-20.4 - Pižla 2008-06-21 14:24:44.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1542 [GMT 2:00]
Running from: C:\Documents and Settings\Pižla\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Pižla\Data aplikací\inst.exe
C:\WINDOWS\system32\jdvfgfqg.ini
C:\WINDOWS\system32\pmnoLcBU.dll
C:\WINDOWS\system32\rqRLdDUL.dll
C:\WINDOWS\system32\UBcLonmp.ini
C:\WINDOWS\system32\UBcLonmp.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-21 14:29 . 2008-06-21 14:29 39,795 --a------ C:\Documents and Settings\Picatchme.zip
2008-06-21 12:05 . 2008-06-21 12:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:27 . 2008-06-21 11:27 <DIR> d-------- C:\!KillBox
2008-06-21 09:37 . 2008-06-21 09:37 79,872 --a------ C:\WINDOWS\system32\gqfgfvdj.dll
2008-06-20 18:35 . 2008-06-20 18:35 <DIR> d-------- C:\Program Files\Rossmann Foto-Shop Client
2008-06-14 19:03 . 2008-06-14 19:03 <DIR> d-------- C:\Program Files\QuickTime
2008-06-14 18:52 . 2008-06-14 18:53 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-14 18:51 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-14 18:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-14 18:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-14 18:47 . 2008-06-14 18:47 <DIR> d-------- C:\Autodesk
2008-06-14 18:31 . 2008-06-14 18:51 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 00:02 . 2008-06-12 00:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-12 00:02 . 2008-06-12 00:02 <DIR> d-------- C:\ATI
2008-05-30 21:28 . 2004-07-09 05:26 83,968 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-30 21:28 . 2004-07-09 05:26 18,688 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-30 21:28 . 2004-07-09 05:26 16,384 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-30 21:28 . 2002-12-12 01:14 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-30 21:28 . 2008-05-30 21:30 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-30 21:28 . 2008-05-30 21:30 4 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-30 21:28 . 2008-05-30 21:28 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-30 21:27 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll
2008-05-30 21:23 . 2008-05-30 21:45 <DIR> d-------- C:\Program Files\V-Gear BEE
2008-05-30 21:23 . 2008-05-30 21:23 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-05-30 21:22 . 2008-05-30 21:22 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2008-05-30 21:22 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2008-05-30 21:22 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-05-30 21:22 . 2004-12-08 18:40 20,480 --a------ C:\WINDOWS\usnpstd3.exe
2008-05-27 21:47 . 2008-06-08 18:09 <DIR> d-------- C:\Program Files\IKEA HomePlanner
2008-05-27 21:45 . 2008-05-27 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 17:01 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-13 17:01 --------- d-----w C:\Program Files\DVDFab 5
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-04-29 16:42 --------- d-----w C:\Program Files\Exifer
2008-04-29 16:36 30 ----a-w C:\Program Files\Exiferupdate.ini
2008-04-25 21:03 --------- d-----w C:\Program Files\DynamicPhotoHDR
2008-04-25 10:34 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-03-31 18:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 23:02 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

------- Sigcheck -------

2007-12-27 12:47 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2002-02-18 23:01 419416]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2002-02-18 23:01 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-30 01:02 949376]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 11:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-15 10:06 2225208]
"GrooveMonitor"="C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 08:46 196608]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 02:07 61440]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [ ]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-14 19:03 413696]
"3cf4a8ba"="C:\WINDOWS\system32\gqfgfvdj.dll" [2008-06-21 09:37 79872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Programy\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Programy\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12558:TCP"= 12558:TCP:BitComet 12558 TCP
"12558:UDP"= 12558:UDP:BitComet 12558 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys []
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:35:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\gqfgfvdj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-06-21 14:42:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-21 12:42:28

Adresářů: 14, Volných bajtů: 3,897,860,096
Adres ý…: 18, Volněch bajt…: 3,831,693,312

205

hujirek · Příspěvekod **hujirek** » 21 čer 2008 15:01

A Kerio - log od 12:42

[21/Jun/2008 13:42:24] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\rundll32.exe (code address: 0x7C801D77)
[21/Jun/2008 14:06:55] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:07:00] Last message repeated 4 times
[21/Jun/2008 14:07:01] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:07:57] Last message repeated 4 times
[21/Jun/2008 14:07:58] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:03] Last message repeated 4 times
[21/Jun/2008 14:08:10] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:12] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:21] Last message repeated 5 times
[21/Jun/2008 14:08:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:22] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:28] Last message repeated 4 times
[21/Jun/2008 14:08:28] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:33] Last message repeated 4 times
[21/Jun/2008 14:08:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\Ati2evxx.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:34] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:35] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:41] Last message repeated 6 times
[21/Jun/2008 14:08:42] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:47] Last message repeated 5 times
[21/Jun/2008 14:08:47] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:53] Last message repeated 6 times
[21/Jun/2008 14:08:54] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:08:59] Last message repeated 5 times
[21/Jun/2008 14:08:59] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:05] Last message repeated 6 times
[21/Jun/2008 14:09:06] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:11] Last message repeated 5 times
[21/Jun/2008 14:09:11] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:17] Last message repeated 6 times
[21/Jun/2008 14:09:18] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:19] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:19] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:25] Last message repeated 5 times
[21/Jun/2008 14:09:25] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:31] Last message repeated 5 times
[21/Jun/2008 14:09:31] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:37] Last message repeated 6 times
[21/Jun/2008 14:09:37] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:43] Last message repeated 5 times
[21/Jun/2008 14:09:43] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:49] Last message repeated 6 times
[21/Jun/2008 14:09:49] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:09:55] Last message repeated 5 times
[21/Jun/2008 14:09:55] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:01] Last message repeated 6 times
[21/Jun/2008 14:10:01] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:07] Last message repeated 5 times
[21/Jun/2008 14:10:07] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:13] Last message repeated 6 times
[21/Jun/2008 14:10:13] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:18] Last message repeated 4 times
[21/Jun/2008 14:10:18] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:18] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:19] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:25] Last message repeated 6 times
[21/Jun/2008 14:10:25] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:31] Last message repeated 5 times
[21/Jun/2008 14:10:31] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:37] Last message repeated 6 times
[21/Jun/2008 14:10:37] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:43] Last message repeated 5 times
[21/Jun/2008 14:10:43] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:49] Last message repeated 6 times
[21/Jun/2008 14:10:49] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\Ati2evxx.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:10:55] Last message repeated 4 times
[21/Jun/2008 14:10:55] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:01] Last message repeated 6 times
[21/Jun/2008 14:11:01] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:07] Last message repeated 5 times
[21/Jun/2008 14:11:31] Last message repeated 5 times
[21/Jun/2008 14:11:31] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:37] Last message repeated 6 times
[21/Jun/2008 14:11:37] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:43] Last message repeated 5 times
[21/Jun/2008 14:11:43] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:46] Last message repeated 3 times
[21/Jun/2008 14:11:46] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:47] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:53] Last message repeated 6 times
[21/Jun/2008 14:11:54] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:11:59] Last message repeated 5 times
[21/Jun/2008 14:11:59] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:05] Last message repeated 6 times
[21/Jun/2008 14:12:06] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:11] Last message repeated 5 times
[21/Jun/2008 14:12:11] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:17] Last message repeated 6 times
[21/Jun/2008 14:12:18] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:23] Last message repeated 5 times
[21/Jun/2008 14:12:23] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:29] Last message repeated 6 times
[21/Jun/2008 14:12:30] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:35] Last message repeated 5 times
[21/Jun/2008 14:12:35] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:41] Last message repeated 6 times
[21/Jun/2008 14:12:42] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\vsnpstd3.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:46] Last message repeated 4 times
[21/Jun/2008 14:12:46] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:47] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:51] Last message repeated 3 times
[21/Jun/2008 14:12:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:12:57] Last message repeated 7 times
[21/Jun/2008 14:12:58] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:03] Last message repeated 5 times
[21/Jun/2008 14:13:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:09] Last message repeated 5 times
[21/Jun/2008 14:13:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:15] Last message repeated 5 times
[21/Jun/2008 14:13:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:21] Last message repeated 6 times
[21/Jun/2008 14:13:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:27] Last message repeated 5 times
[21/Jun/2008 14:13:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:33] Last message repeated 6 times
[21/Jun/2008 14:13:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:39] Last message repeated 5 times
[21/Jun/2008 14:13:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:45] Last message repeated 6 times
[21/Jun/2008 14:13:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:51] Last message repeated 5 times
[21/Jun/2008 14:13:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:13:57] Last message repeated 6 times
[21/Jun/2008 14:13:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:03] Last message repeated 5 times
[21/Jun/2008 14:14:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:09] Last message repeated 6 times
[21/Jun/2008 14:14:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:15] Last message repeated 5 times
[21/Jun/2008 14:14:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:21] Last message repeated 6 times
[21/Jun/2008 14:14:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:27] Last message repeated 5 times
[21/Jun/2008 14:14:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:33] Last message repeated 6 times
[21/Jun/2008 14:14:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:39] Last message repeated 5 times
[21/Jun/2008 14:14:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:45] Last message repeated 6 times
[21/Jun/2008 14:14:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:51] Last message repeated 5 times
[21/Jun/2008 14:14:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:14:57] Last message repeated 6 times
[21/Jun/2008 14:14:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:03] Last message repeated 5 times
[21/Jun/2008 14:15:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:09] Last message repeated 6 times
[21/Jun/2008 14:15:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:15] Last message repeated 5 times
[21/Jun/2008 14:15:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:21] Last message repeated 6 times
[21/Jun/2008 14:15:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:27] Last message repeated 5 times
[21/Jun/2008 14:15:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:33] Last message repeated 6 times
[21/Jun/2008 14:15:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:39] Last message repeated 5 times
[21/Jun/2008 14:15:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:45] Last message repeated 6 times
[21/Jun/2008 14:15:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:51] Last message repeated 5 times
[21/Jun/2008 14:15:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:15:57] Last message repeated 6 times
[21/Jun/2008 14:15:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:03] Last message repeated 5 times
[21/Jun/2008 14:16:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:09] Last message repeated 6 times
[21/Jun/2008 14:16:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:15] Last message repeated 5 times
[21/Jun/2008 14:16:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:21] Last message repeated 6 times
[21/Jun/2008 14:16:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:27] Last message repeated 5 times
[21/Jun/2008 14:16:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:33] Last message repeated 6 times
[21/Jun/2008 14:16:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:39] Last message repeated 5 times
[21/Jun/2008 14:16:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:45] Last message repeated 6 times
[21/Jun/2008 14:16:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:51] Last message repeated 5 times
[21/Jun/2008 14:16:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:16:57] Last message repeated 6 times
[21/Jun/2008 14:16:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:03] Last message repeated 5 times
[21/Jun/2008 14:17:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:09] Last message repeated 6 times
[21/Jun/2008 14:17:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:15] Last message repeated 5 times
[21/Jun/2008 14:17:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:21] Last message repeated 6 times
[21/Jun/2008 14:17:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:27] Last message repeated 5 times
[21/Jun/2008 14:17:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:33] Last message repeated 6 times
[21/Jun/2008 14:17:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:39] Last message repeated 5 times
[21/Jun/2008 14:17:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:45] Last message repeated 6 times
[21/Jun/2008 14:17:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:51] Last message repeated 5 times
[21/Jun/2008 14:17:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:17:57] Last message repeated 6 times
[21/Jun/2008 14:17:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:03] Last message repeated 5 times
[21/Jun/2008 14:18:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:09] Last message repeated 6 times
[21/Jun/2008 14:18:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:15] Last message repeated 5 times
[21/Jun/2008 14:18:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:21] Last message repeated 6 times
[21/Jun/2008 14:18:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:27] Last message repeated 5 times
[21/Jun/2008 14:18:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:33] Last message repeated 6 times
[21/Jun/2008 14:18:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:39] Last message repeated 5 times
[21/Jun/2008 14:18:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:45] Last message repeated 6 times
[21/Jun/2008 14:18:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:51] Last message repeated 5 times
[21/Jun/2008 14:18:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:18:57] Last message repeated 6 times
[21/Jun/2008 14:18:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:03] Last message repeated 5 times
[21/Jun/2008 14:19:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:09] Last message repeated 6 times
[21/Jun/2008 14:19:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:15] Last message repeated 5 times
[21/Jun/2008 14:19:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:21] Last message repeated 6 times
[21/Jun/2008 14:19:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:27] Last message repeated 5 times
[21/Jun/2008 14:19:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:33] Last message repeated 6 times
[21/Jun/2008 14:19:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:39] Last message repeated 5 times
[21/Jun/2008 14:19:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:45] Last message repeated 6 times
[21/Jun/2008 14:19:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:51] Last message repeated 5 times
[21/Jun/2008 14:19:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:19:57] Last message repeated 6 times
[21/Jun/2008 14:19:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:03] Last message repeated 5 times
[21/Jun/2008 14:20:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:09] Last message repeated 6 times
[21/Jun/2008 14:20:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:15] Last message repeated 5 times
[21/Jun/2008 14:20:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:21] Last message repeated 6 times
[21/Jun/2008 14:20:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:27] Last message repeated 5 times
[21/Jun/2008 14:20:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:33] Last message repeated 6 times
[21/Jun/2008 14:20:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:39] Last message repeated 5 times
[21/Jun/2008 14:20:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:45] Last message repeated 6 times
[21/Jun/2008 14:20:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:51] Last message repeated 5 times
[21/Jun/2008 14:20:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:20:57] Last message repeated 6 times
[21/Jun/2008 14:20:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:03] Last message repeated 5 times
[21/Jun/2008 14:21:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:09] Last message repeated 6 times
[21/Jun/2008 14:21:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:15] Last message repeated 5 times
[21/Jun/2008 14:21:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:21] Last message repeated 6 times
[21/Jun/2008 14:21:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:27] Last message repeated 5 times
[21/Jun/2008 14:21:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:33] Last message repeated 6 times
[21/Jun/2008 14:21:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:39] Last message repeated 5 times
[21/Jun/2008 14:21:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:45] Last message repeated 6 times
[21/Jun/2008 14:21:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:51] Last message repeated 5 times
[21/Jun/2008 14:21:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:21:57] Last message repeated 6 times
[21/Jun/2008 14:21:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:03] Last message repeated 5 times
[21/Jun/2008 14:22:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:09] Last message repeated 6 times
[21/Jun/2008 14:22:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:15] Last message repeated 5 times
[21/Jun/2008 14:22:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:21] Last message repeated 6 times
[21/Jun/2008 14:22:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:27] Last message repeated 5 times
[21/Jun/2008 14:22:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:33] Last message repeated 6 times
[21/Jun/2008 14:22:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:39] Last message repeated 5 times
[21/Jun/2008 14:22:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:45] Last message repeated 6 times
[21/Jun/2008 14:22:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:51] Last message repeated 5 times
[21/Jun/2008 14:22:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:22:57] Last message repeated 6 times
[21/Jun/2008 14:22:57] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:03] Last message repeated 5 times
[21/Jun/2008 14:23:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:09] Last message repeated 6 times
[21/Jun/2008 14:23:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\Ati2evxx.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:13] Last message repeated 4 times
[21/Jun/2008 14:23:13] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:19] Last message repeated 4 times
[21/Jun/2008 14:23:19] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:24] Last message repeated 3 times
[21/Jun/2008 14:23:24] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\Ati2evxx.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:25] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:30] Last message repeated 3 times
[21/Jun/2008 14:23:30] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\Ati2evxx.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:32] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:38] Last message repeated 4 times
[21/Jun/2008 14:23:38] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:44] Last message repeated 4 times
[21/Jun/2008 14:23:44] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:50] Last message repeated 4 times
[21/Jun/2008 14:23:50] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:23:56] Last message repeated 4 times
[21/Jun/2008 14:23:56] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:02] Last message repeated 4 times
[21/Jun/2008 14:24:02] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:08] Last message repeated 4 times
[21/Jun/2008 14:24:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:14] Last message repeated 4 times
[21/Jun/2008 14:24:15] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:20] Last message repeated 4 times
[21/Jun/2008 14:24:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:26] Last message repeated 4 times
[21/Jun/2008 14:24:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:32] Last message repeated 4 times
[21/Jun/2008 14:24:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:38] Last message repeated 4 times
[21/Jun/2008 14:24:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:44] Last message repeated 4 times
[21/Jun/2008 14:24:45] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:50] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:50] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\ComboFix\grep.cfexe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:24:57] Last message repeated 4 times
[21/Jun/2008 14:25:00] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:03] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:09] Last message repeated 4 times
[21/Jun/2008 14:25:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:09] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\rundll32.exe injected dangerous code into C:\WINDOWS\explorer.exe (code address: 0x00C7A1B2)
[21/Jun/2008 14:25:11] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:17] Last message repeated 4 times
[21/Jun/2008 14:25:17] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:23] Last message repeated 4 times
[21/Jun/2008 14:25:23] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:29] Last message repeated 4 times
[21/Jun/2008 14:25:29] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:35] Last message repeated 4 times
[21/Jun/2008 14:25:35] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:41] Last message repeated 4 times
[21/Jun/2008 14:25:41] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:47] Last message repeated 4 times
[21/Jun/2008 14:25:47] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:53] Last message repeated 4 times
[21/Jun/2008 14:25:53] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:25:59] Last message repeated 4 times
[21/Jun/2008 14:25:59] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:05] Last message repeated 4 times
[21/Jun/2008 14:26:05] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:11] Last message repeated 4 times
[21/Jun/2008 14:26:11] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:17] Last message repeated 4 times
[21/Jun/2008 14:26:17] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:23] Last message repeated 4 times
[21/Jun/2008 14:26:23] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:29] Last message repeated 4 times
[21/Jun/2008 14:26:29] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:35] Last message repeated 4 times
[21/Jun/2008 14:26:35] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:36] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:38] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:44] Last message repeated 4 times
[21/Jun/2008 14:26:44] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:50] Last message repeated 4 times
[21/Jun/2008 14:26:50] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:53] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:53] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:26:59] Last message repeated 4 times
[21/Jun/2008 14:26:59] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:00] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:06] Last message repeated 4 times
[21/Jun/2008 14:27:06] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:12] Last message repeated 4 times
[21/Jun/2008 14:27:12] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:18] Last message repeated 4 times
[21/Jun/2008 14:27:18] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:24] Last message repeated 4 times
[21/Jun/2008 14:27:24] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:30] Last message repeated 4 times
[21/Jun/2008 14:27:30] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:36] Last message repeated 4 times
[21/Jun/2008 14:27:36] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:42] Last message repeated 4 times
[21/Jun/2008 14:27:42] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:48] Last message repeated 4 times
[21/Jun/2008 14:27:48] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\svchost.exe injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:50] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:27:56] Last message repeated 4 times
[21/Jun/2008 14:27:56] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:02] Last message repeated 4 times
[21/Jun/2008 14:28:02] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:08] Last message repeated 4 times
[21/Jun/2008 14:28:08] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:14] Last message repeated 4 times
[21/Jun/2008 14:28:14] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:20] Last message repeated 4 times
[21/Jun/2008 14:28:20] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:26] Last message repeated 4 times
[21/Jun/2008 14:28:27] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:32] Last message repeated 3 times
[21/Jun/2008 14:28:33] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:38] Last message repeated 3 times
[21/Jun/2008 14:28:39] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:44] Last message repeated 3 times
[21/Jun/2008 14:28:44] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:28:50] Last message repeated 4 times
[21/Jun/2008 14:28:51] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:29:20] Last message repeated 4 times
[21/Jun/2008 14:29:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:29:26] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\WINDOWS\system32\lsass.exe (code address: 0x7C801D77)
[21/Jun/2008 14:35:46] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\ComboFix\Catchme.tmp (code address: 0x7C801D77)
[21/Jun/2008 14:35:55] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\rundll32.exe injected dangerous code into C:\WINDOWS\Explorer.EXE (code address: 0x1000A1B2)
[21/Jun/2008 14:36:20] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\ComboFix\Catchme.tmp (code address: 0x7C801D77)
[21/Jun/2008 14:36:21] "Hips" type = 'Code injection', action = 'denied', descr = 'Process <unknown> injected dangerous code into C:\ComboFix\Catchme.tmp (code address: 0x7C801D77)
[21/Jun/2008 14:36:27] Last message repeated 4 times
[21/Jun/2008 14:42:41] "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\WINDOWS\system32\rundll32.exe injected dangerous code into C:\WINDOWS\explorer.exe (code address: 0x00C7A1B2)

bellatrix · Příspěvekod **bellatrix** » 21 čer 2008 15:09

esteze to Kerio blokuje..

spusti poznamkovy blok - skopiruj donho:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\gqfgfvdj.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3cf4a8ba"=-

uloz pod nazvom CFScript tak, aby mal koncovku txt a podla spodneho obrazku ho presun nad combofix - spusti sa combofix, log z neho vloz sem
Obrázek

prescnauj s mwav (je v mojom podpise) a log z jeho spodneho okna vloz sem

hujirek · Příspěvekod **hujirek** » 21 čer 2008 15:27

ComboFix 08-06-20.4 - Pižla 2008-06-21 15:10:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1456 [GMT 2:00]
Running from: C:\Documents and Settings\Pižla\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pižla\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\gqfgfvdj.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gqfgfvdj.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-21 14:42 . 2008-06-21 14:42 <DIR> d-------- C:\Documents and Settings\Pi×la
2008-06-21 14:29 . 2008-06-21 14:29 39,795 --a------ C:\Documents and Settings\Picatchme.zip
2008-06-21 13:31 . 2008-06-21 13:31 <DIR> d-------- C:\Documents and Settings\Pižla\Rossmann Foto-Shop
2008-06-21 13:31 . 2008-06-21 13:31 <DIR> d-------- C:\Documents and Settings\Pižla\Rossmann Foto-Shop
2008-06-21 12:05 . 2008-06-21 12:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:27 . 2008-06-21 11:27 <DIR> d-------- C:\!KillBox
2008-06-21 09:41 . 2008-06-21 09:41 <DIR> d-------- C:\Documents and Settings\Pižla\Data aplikací\Lavasoft
2008-06-20 18:35 . 2008-06-20 18:35 <DIR> d-------- C:\Program Files\Rossmann Foto-Shop Client
2008-06-14 19:03 . 2008-06-14 19:03 <DIR> d-------- C:\Program Files\QuickTime
2008-06-14 19:00 . 2008-06-14 19:00 <DIR> d-------- C:\Documents and Settings\Pižla\Data aplikací\Autodesk
2008-06-14 18:52 . 2008-06-14 18:53 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-14 18:52 . 2008-06-14 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-06-14 18:51 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-14 18:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-14 18:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-14 18:47 . 2008-06-14 18:47 <DIR> d-------- C:\Autodesk
2008-06-14 18:31 . 2008-06-14 18:51 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 07:07 . 2008-06-12 07:07 <DIR> d-------- C:\Documents and Settings\Pižla\Data aplikací\ATI
2008-06-12 07:07 . 2008-06-12 07:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ATI
2008-06-12 00:02 . 2008-06-12 00:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-12 00:02 . 2008-06-12 00:02 <DIR> d-------- C:\ATI
2008-05-30 21:28 . 2004-07-09 05:26 83,968 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-30 21:28 . 2004-07-09 05:26 18,688 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-30 21:28 . 2004-07-09 05:26 16,384 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-30 21:28 . 2002-12-12 01:14 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-30 21:28 . 2008-05-30 21:30 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-30 21:28 . 2008-05-30 21:30 4 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-30 21:28 . 2008-05-30 21:28 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-30 21:27 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll
2008-05-30 21:23 . 2008-05-30 21:45 <DIR> d-------- C:\Program Files\V-Gear BEE
2008-05-30 21:23 . 2008-05-30 21:23 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-05-30 21:22 . 2008-05-30 21:22 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2008-05-30 21:22 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2008-05-30 21:22 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-05-30 21:22 . 2004-12-08 18:40 20,480 --a------ C:\WINDOWS\usnpstd3.exe
2008-05-27 21:47 . 2008-06-08 18:09 <DIR> d-------- C:\Program Files\IKEA HomePlanner
2008-05-27 21:45 . 2008-05-27 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 19:03 . 2008-05-26 19:03 <DIR> d-------- C:\Documents and Settings\Pižla\Data aplikací\UFOAI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 10:15 --------- d-----w C:\Documents and Settings\Pižla\Data aplikací\uTorrent
2008-06-11 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-07 20:20 --------- d-----w C:\Documents and Settings\Pižla\Data aplikací\Skype
2008-06-04 16:07 2,828 --sha-w C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
2008-05-13 17:08 --------- d-----w C:\Documents and Settings\Pižla\Data aplikací\Vso
2008-05-13 17:01 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-13 17:01 47,360 ----a-w C:\Documents and Settings\Pižla\Data aplikací\pcouffin.sys
2008-05-13 17:01 --------- d-----w C:\Program Files\DVDFab 5
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-04-29 16:42 --------- d-----w C:\Program Files\Exifer
2008-04-29 16:36 30 ----a-w C:\Program Files\Exiferupdate.ini
2008-04-25 21:03 --------- d-----w C:\Program Files\DynamicPhotoHDR
2008-04-25 10:52 --------- d-----w C:\Documents and Settings\Pižla\Data aplikací\OpenOffice.org2
2008-04-25 10:34 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-03-31 18:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-30 16:50 8 --sh--r C:\Documents and Settings\All Users\Data aplikací\8278C6EC99.sys
2008-03-29 23:02 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

------- Sigcheck -------

2007-12-27 12:47 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2002-02-18 23:01 419416]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2002-02-18 23:01 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-30 01:02 949376]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 11:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-15 10:06 2225208]
"GrooveMonitor"="C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 08:46 196608]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 02:07 61440]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [ ]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-14 19:03 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32" []

C:\Documents and Settings\Pi§la\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Programy\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Programy\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12558:TCP"= 12558:TCP:BitComet 12558 TCP
"12558:UDP"= 12558:UDP:BitComet 12558 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys []
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 15:15:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-06-21 15:17:03
ComboFix-quarantined-files.txt 2008-06-21 13:16:57
ComboFix2.txt 2008-06-21 12:42:38

Adresářů: 14, Volných bajtů: 3,802,193,920
Adresářů: 17, Volných bajtů: 3,787,456,512

199

hujirek · Příspěvekod **hujirek** » 21 čer 2008 17:00

Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "conducent flexpak Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "backdoor (ircbot) trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "backdoor (ircbot) trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "spyware.expresskeylog Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "combo Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\AcroPDF.Runtime.3" odkazuje na neplatný objekt "{08E6D34C-15FC-D264-A677-28138F6F5628}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\ComEvents.FHistCtrl.3" odkazuje na neplatný objekt "{80820752-9F25-2087-49A9-21DA23669A77}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\ITIR.Collections" odkazuje na neplatný objekt "{AB9F6B4D-6F2D-DB6B-1C8C-9A47E5B2AA12}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\Plenoptic.Plenoptic" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\Plenoptic.Plenoptic.1" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\RTCCore.RTCClient" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\RTCCore.RTCClient.1" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\System.DirectMusic.3" odkazuje na neplatný objekt "{4E16D2E3-8113-9E79-480F-9360931D901F}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPShell.HWEventHandler" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPShell.HWEventHandler.1" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxwma.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Imagenomic\Portraiture Plug-in\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Imagenomic\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Imagenomic\RealGrain Plug-in\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Photoshop Lightroom 1.3\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".acr". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".b3d". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cam". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dcm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dds". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ecw". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".fsh". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".g3". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".gsm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".iw44". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jng". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jpm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".kdc". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ldf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lic". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lng". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lwf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mng". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ngg". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nlm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nol". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".psp". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sff". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sfw". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sid". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sun". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".v10o". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".v10p". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".v10pf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "BitComet". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "IrfanView". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Microsoft .NET Framework 2.0". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (2.0.0.13)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (2.0.0.14)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (2.0.0.9)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{125F0ACC-D3FC-402B-8D96-27F6E46D00D5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{45D68F08-56A0-4412-BB0F-8492BE978AC7}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{558CD0A7-0548-4220-88FE-01CC1477DF61}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{5AC9F44E-06C7-41E3-A464-37177AB9105D}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{7C3E3706-8FBD-4169-9726-0A47FBF9D32A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{901C63FD-6673-47A6-9B5F-B13E3EBFA470}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{A49F249F-0C91-497F-86DF-B2585E8E76B7}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AC76BA86-7AD7-1029-7B44-A80000000000}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{C3CE4CED-46B0-407E-A703-7A83AAE02A36}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DBE84DB2-1794-4244-9859-9B720CA89B4D}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F68E3631-68ED-4970-8D77-B81FE83AA6A1}". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\cmdow.exe indentifikován jako "not-a-virus:RiskTool.Win32.HideWindows". Provedené akce: Ponecháno, neodstraněno!.

hujirek · Příspěvekod **hujirek** » 21 čer 2008 17:11

Soubor C:\WINDOWS\cmdow.exe indentifikován jako "not-a-virus:RiskTool.Win32.HideWindows". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\2BTN3LCA.NQF//PE-Crypt.XorPE//data0000.cab/WINDOW~1.EXE je infikovaný virem Backdoor.Win32.Rbot.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\2W2MNIAA.NQF//PE-Crypt.XorPE//data0000.cab/crack.exe je infikovaný virem Backdoor.Win32.Rbot.bwh !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\2W3YGKDA.NQF//PE-Crypt.XorPE//data0000.cab/WINDOW~1.EXE je infikovaný virem Backdoor.Win32.Rbot.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\BRUTTSCA.NQF//PE-Crypt.XorPE/hosts\hosts.exe je infikovaný virem Backdoor.Win32.Small.cvt !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\E5IXLWAA.NQF//PE-Crypt.XorPE//data0000.cab/manokiss.exe//PE_Patch//MEW//PE_Patch.AvSpoof//PE_Patch//NiceProtect je infikovaný virem Trojan.Win32.Pakes.cgn !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\EBSMELDA.NQF//PE-Crypt.XorPE//data0000.cab/CREDIT~1.EXE//Armadillo je infikovaný virem Virus.Win32.Parite.b !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\UTLF0FDA.NQF//PE-Crypt.XorPE//data0000.cab/rBot.exe je infikovaný virem Backdoor.Win32.Rbot.aea !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\V3R5CQBA.NQF//PE-Crypt.XorPE indentifikován jako "not-a-virus:AdWare.Win32.Virtumonde.poj". Provedené akce: Ponecháno, neodstraněno!.

bellatrix · Příspěvekod **bellatrix** » 21 čer 2008 17:56

log z combofixu vyzera cisto, mwav nic extra nenasiel..
problem pretrvava? ak ano, vies mi povedat, kedy presne to zacalo?

hujirek · Příspěvekod **hujirek** » 21 čer 2008 17:57

Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "conducent flexpak Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "backdoor (ircbot) trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "backdoor (ircbot) trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "spyware.expresskeylog Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "combo Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\AcroPDF.Runtime.3" odkazuje na neplatný objekt "{08E6D34C-15FC-D264-A677-28138F6F5628}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\ComEvents.FHistCtrl.3" odkazuje na neplatný objekt "{80820752-9F25-2087-49A9-21DA23669A77}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\ITIR.Collections" odkazuje na neplatný objekt "{AB9F6B4D-6F2D-DB6B-1C8C-9A47E5B2AA12}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\Plenoptic.Plenoptic" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\Plenoptic.Plenoptic.1" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\RTCCore.RTCClient" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\RTCCore.RTCClient.1" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\System.DirectMusic.3" odkazuje na neplatný objekt "{4E16D2E3-8113-9E79-480F-9360931D901F}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPShell.HWEventHandler" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\WMPShell.HWEventHandler.1" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxwma.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Imagenomic\Portraiture Plug-in\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Imagenomic\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Imagenomic\RealGrain Plug-in\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Photoshop Lightroom 1.3\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".acr". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".b3d". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cam". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dcm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dds". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ecw". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".fsh". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".g3". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".gsm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".iw44". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jng". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jpm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".kdc". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ldf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lic". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lng". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lwf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mng". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ngg". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nlm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nol". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".psp". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sff". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sfw". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sid". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sun". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".v10o". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".v10p". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".v10pf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "BitComet". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "IrfanView". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Microsoft .NET Framework 2.0". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (2.0.0.13)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (2.0.0.14)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (2.0.0.9)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{125F0ACC-D3FC-402B-8D96-27F6E46D00D5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{45D68F08-56A0-4412-BB0F-8492BE978AC7}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{558CD0A7-0548-4220-88FE-01CC1477DF61}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{5AC9F44E-06C7-41E3-A464-37177AB9105D}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{7C3E3706-8FBD-4169-9726-0A47FBF9D32A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{901C63FD-6673-47A6-9B5F-B13E3EBFA470}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{A49F249F-0C91-497F-86DF-B2585E8E76B7}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AC76BA86-7AD7-1029-7B44-A80000000000}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{C3CE4CED-46B0-407E-A703-7A83AAE02A36}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DBE84DB2-1794-4244-9859-9B720CA89B4D}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F68E3631-68ED-4970-8D77-B81FE83AA6A1}". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\cmdow.exe indentifikován jako "not-a-virus:RiskTool.Win32.HideWindows". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\2BTN3LCA.NQF//PE-Crypt.XorPE//data0000.cab/WINDOW~1.EXE je infikovaný virem Backdoor.Win32.Rbot.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\2W2MNIAA.NQF//PE-Crypt.XorPE//data0000.cab/crack.exe je infikovaný virem Backdoor.Win32.Rbot.bwh !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\2W3YGKDA.NQF//PE-Crypt.XorPE//data0000.cab/WINDOW~1.EXE je infikovaný virem Backdoor.Win32.Rbot.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\BRUTTSCA.NQF//PE-Crypt.XorPE/hosts\hosts.exe je infikovaný virem Backdoor.Win32.Small.cvt !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\E5IXLWAA.NQF//PE-Crypt.XorPE//data0000.cab/manokiss.exe//PE_Patch//MEW//PE_Patch.AvSpoof//PE_Patch//NiceProtect je infikovaný virem Trojan.Win32.Pakes.cgn !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\EBSMELDA.NQF//PE-Crypt.XorPE//data0000.cab/CREDIT~1.EXE//Armadillo je infikovaný virem Virus.Win32.Parite.b !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\UTLF0FDA.NQF//PE-Crypt.XorPE//data0000.cab/rBot.exe je infikovaný virem Backdoor.Win32.Rbot.aea !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Eset\infected\V3R5CQBA.NQF//PE-Crypt.XorPE indentifikován jako "not-a-virus:AdWare.Win32.Virtumonde.poj". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-134109-804.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-134219-517.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-140851-245.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-140915-899.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-140931-697.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-140951-641.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Programy\DVD\virtuald\DivX\DivXPro5GAINBundle.exe//Gain_Trickler.exe indentifikován jako "not-a-virus:AdWare.Win32.Gator.3102". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\QooBox\Quarantine\C\WINDOWS\system32\rqRLdDUL.dll.vir je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{5DB34985-5DFB-4361-840C-855B3ED1469C}\RP69\A0026165.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{5DB34985-5DFB-4361-840C-855B3ED1469C}\RP83\A0029460.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\cmdow.exe indentifikován jako "not-a-virus:RiskTool.Win32.HideWindows". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.

bellatrix · Příspěvekod **bellatrix** » 21 čer 2008 18:01

tiez nic nebezpecne - zmaz karantenu esetu (C:\Program Files\Eset\infected), zalohu (C:\Program Files\Trend Micro\HijackThis\backups) z hijackthis aj karantenu combofixu (C:\QooBox\Quarantine)

hujirek · Příspěvekod **hujirek** » 21 čer 2008 18:04

Díky moc.
Tady je novej hjlog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:09, on 21. 6. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\CF21247.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\PILA~1\LOCALS~1\Temp\mexe.com
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver - Unknown owner - C:\WINDOWS\system32\HPHipm09.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 7968 bytes

Prosím o kontrolu - vyskakuje Kerio pokus o průnik

Prosím o kontrolu - vyskakuje Kerio pokus o průnik

Re: Prosím o kontrolu - vyskakuje Kerio pokus o průnik

LOG

Re: Prosím o kontrolu - vyskakuje Kerio pokus o průnik

Re: Prosím o kontrolu - vyskakuje Kerio pokus o průnik

LOG

LOG z MWAV

Další LOG

Re: Prosím o kontrolu - vyskakuje Kerio pokus o průnik

Doplněk... log MWAV

Re: Prosím o kontrolu - vyskakuje Kerio pokus o průnik

Re: Prosím o kontrolu - vyskakuje Kerio pokus o průnik

Kdo je online