NOD keeps popping up TrojanDownloader on me,
so please check the HJT log
thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:39, on 20.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\Programy\TotalCommander\TOTALCMD.EXE
C:\Windows\SysWOW64\ctfmon.exe
D:\Programy\Opera\opera.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Jakub\AppData\Local\Temp\b.exe
D:\Programy\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Cognac] C:\Users\Jakub\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ 6.5\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ 6.5\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7323 bytes
TrojanDownloader - please check
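The two lines in this log that a malware analyst would act on first are the running process C:\Users\Jakub\AppData\Local\Temp\b.exe and the HKCU Run value [Cognac] that relaunches it at logon: an installed program does not autostart from a Temp directory. The script below is an added example, not part of the thread and not HijackThis code; it pulls such entries out of a HijackThis log automatically. The excerpt it parses is a constructed subset of the log posted above, and the list of "suspicious" directories is my own triage heuristic.

```python
import re
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed excerpt of the HijackThis log posted above; only the
# "Running processes" block and the O4 autorun lines matter for this check.
HJT_EXCERPT = r"""
Running processes:
D:\Programy\TotalCommander\TOTALCMD.EXE
C:\Windows\SysWOW64\ctfmon.exe
D:\Programy\Opera\opera.exe
C:\Users\Jakub\AppData\Local\Temp\b.exe
D:\Programy\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Cognac] C:\Users\Jakub\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<key>.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Any "R0/R1/F2/O1..O23 - " entry ends the "Running processes" block.
ENTRY_LINE = re.compile(r"^[RFO]\d+ - ")


def extract_exe(cmd: str) -> str:
    """Return the executable path from an O4 command line.

    A quoted command yields the quoted part; an unquoted one is cut after the
    first '.exe' so switches such as ' -autorun' or ' MSRun' are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def suspicious_reason(path: str) -> Optional[str]:
    """Heuristic (mine, not HijackThis logic): flag binaries that execute from
    directories an installer never uses but any dropper can write to."""
    dirs = {p.lower() for p in PureWindowsPath(path).parts[:-1]}  # skip the file name
    if dirs & {"temp", "tmp"}:
        return "runs from a Temp directory"
    if dirs & {"appdata", "recycler", "$recycle.bin"}:
        return "runs from a user-writable profile directory"
    return None


def triage_hjt(log: str) -> List[dict]:
    """List running processes and O4 autoruns whose binary sits in a suspicious dir."""
    findings = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if ENTRY_LINE.match(line):
            in_processes = False
        if in_processes:
            reason = suspicious_reason(line)
            if reason:
                findings.append({"where": "running process", "name": None,
                                 "path": line, "reason": reason})
            continue
        m = O4_LINE.match(line)
        if m:
            exe = extract_exe(m["cmd"])
            reason = suspicious_reason(exe)
            if reason:
                findings.append({"where": m["key"], "name": m["name"],
                                 "path": exe, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_EXCERPT):
        label = f"[{f['name']}] " if f["name"] else ""
        print(f"{f['where']}: {label}{f['path']}  <- {f['reason']}")
```

Run against the excerpt it reports exactly the two b.exe hits (the live process and the HKCU\..\Run value named Cognac); the Office, ATI and DAEMON Tools autoruns live under Program Files and are left alone. Pasting the full log into HJT_EXCERPT gives the same result, since the O23 service lines never match the O4 pattern.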
- jaro3
- member of the Security team
Re: TrojanDownloader - please check
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum Support
Re: TrojanDownloader - please check
Malwarebytes' Anti-Malware 1.39
Database version: 2466
Windows 6.0.6001 Service Pack 1
20.7.2009 16:09:16
mbam-log-2009-07-20 (16-09-08).txt
Scan type: Quick Scan
Objects scanned: 77049
Time elapsed: 3 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
- jaro3
- member of the Security team
Re: TrojanDownloader - please check
Uninstall:
DAEMON Tools Toolbar
Then run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be shown; post it here.
- then click OK in the program and close it via Exit
You can then paste the MbAM log here.
Download OTL
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change it to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTListIt.Txt
Extras.Txt
They are saved in the same place as OTL. Please copy both logs here.
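The log jaro3 is asking for is the one MbAM writes after Remove Selected, in which each result line ends with a removal status instead of "No action taken". The parser below is an added example, not part of the thread and not Malwarebytes code: it reads the result lines of an MBAM 1.x log, lists what is still untreated and attaches a short note per item type, so the "did the removal run actually happen" check does not depend on eyeballing the log. The "before" sample is built from the result lines posted above; the "after" sample, and the status strings "Quarantined and deleted successfully" and "Delete on reboot" it relies on, are my assumptions about what a removal run writes and are not on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the result lines of the MBAM log posted above: a scan run
# without removal, so every finding still ends in "No action taken".
MBAM_BEFORE = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
"""

# Constructed and assumed (not on the page): the same items after a removal
# run, with the status strings MBAM 1.x uses once it has acted on a finding.
MBAM_AFTER = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Delete on reboot.
"""

# Result line shape: "<item> (<family>) -> [Bad: (x) Good: (y) -> ]<status>."
RESULT_LINE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<status>[^.]+)\.?$"
)


@dataclass
class Detection:
    item: str
    family: str
    status: str
    bad: Optional[str] = None    # only registry data items carry Bad/Good
    good: Optional[str] = None

    @property
    def resolved(self) -> bool:
        return self.status != "No action taken"

    @property
    def needs_reboot(self) -> bool:
        return self.status == "Delete on reboot"


def parse_mbam(log: str) -> List[Detection]:
    """Parse every result line; section headers and '(No malicious items ...)' are skipped."""
    found = []
    for line in log.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            found.append(Detection(m["item"], m["family"], m["status"].strip(),
                                   m["bad"], m["good"]))
    return found


def unresolved(log: str) -> List[Detection]:
    return [d for d in parse_mbam(log) if not d.resolved]


def remediation_hint(d: Detection) -> str:
    """What each kind of item means for the clean-up (my reading, not MBAM's)."""
    item = d.item.lower()
    if item.endswith(".job") and "\\tasks\\" in item:
        return "scheduled task; it can relaunch the dropper, so remove it and look at what it runs"
    if d.bad is not None:
        return f"policy value forced to {d.bad}; it must go back to {d.good}"
    if item.startswith("hkey_"):
        return "malware configuration key; delete it with the rest of the family"
    return "file; quarantine it"


def removal_report(log: str) -> str:
    """One-screen summary: what is still untreated and whether a reboot is pending."""
    todo = unresolved(log)
    pending = [d for d in parse_mbam(log) if d.needs_reboot]
    lines = [f"{len(todo)} detection(s) still untreated"]
    for d in todo:
        lines.append(f"  {d.item} [{d.family}] -> {remediation_hint(d)}")
    if pending:
        lines.append(f"{len(pending)} item(s) are deleted on the next reboot; reboot before re-scanning")
    return "\n".join(lines)


if __name__ == "__main__":
    print(removal_report(MBAM_BEFORE))
    print("---")
    print(removal_report(MBAM_AFTER))
```

For the log posted in this thread the report lists all six items as untreated, which is the signal that the scan was run without Remove Selected. The two .job files under C:\Windows\Tasks deserve the extra attention the hint gives them: a scheduled task survives a reboot and a killed process, so deleting b.exe alone would not be the end of it.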
Re: TrojanDownloader - please check
mbam log
Malwarebytes' Anti-Malware 1.39
Database version: 2466
Windows 6.0.6001 Service Pack 1
20.7.2009 16:09:16
mbam-log-2009-07-20 (16-09-08).txt
Scan type: Quick Scan
Objects scanned: 77049
Time elapsed: 3 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
otl logs
Extras
OTL Extras logfile created on: 20.7.2009 19:10:44 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Jakub\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,72% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,50 Gb Total Space | 38,59 Gb Free Space | 51,79% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 356,28 Gb Free Space | 76,49% Space Free | Partition Type: NTFS
Drive E: | 403,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-POKOJ
Current User Name: Jakub
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = Opera.HTML] -- D:\Programy\Opera\opera.exe (Opera Software)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Programy\Opera\opera.exe (Opera Software)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 30 55 50 35 A6 08 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC02737B-6632-4B29-872B-9C4A6EE8CF36}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CDE41B-BDDE-40CF-AD49-273F136749CC}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{029A0788-9E97-4316-A92C-E7A9C2B6438E}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{042FBA65-022D-479F-8D2B-8F210E203BE1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{055E7FE8-9BD5-42B7-B0B0-AF4D5B7574E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0ACDF198-B03E-4940-AB63-072726681BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1DDA8363-80B3-4C13-9660-F6EEBEC14A33}" = protocol=6 | dir=in | app=d:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{386E213A-5D80-4496-9CFC-9654166EAF7A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{45ADE6BA-5D37-4F0C-A0A1-193BE7E29953}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{48A7E930-4466-4BC1-8625-8243E4CDCB7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6314767D-0A51-4EB5-ABE8-A5ABD6C14667}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{6651BAAE-7ACE-4D88-B64E-C6AF3C8F393A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{68974A48-3ABC-466E-B189-83E758EA10E2}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{6D21C972-67DC-4046-8710-2E93B96DC922}" = protocol=17 | dir=in | app=d:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{8FAF2A0A-6E76-4F25-B1FB-6A4E527BED1F}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{9767A469-22EE-4ADC-B4AE-109306783842}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A6953A45-5B35-4B0A-AD0A-950AC6C51187}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B3CF2F5F-A6D3-4537-B39F-B3635A92A99C}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{CE308B57-FA7E-4B2F-9ABC-D85A55242743}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{DAE20433-B22E-44EE-9256-2DEBFDB3950D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DDCE8AC2-1AD8-4178-8FDA-37B903F9098F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{E71B8693-F36B-4A51-85CB-FDF76267A6A4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{E8BE27AD-5017-4CE4-B3F9-0D2B246CD389}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{EE561469-BDB7-4F02-855C-6E96DC6A8F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EF482486-011D-4A2D-9144-5BFF62D13B6F}" = dir=in | app=d:\programy\skype\phone\skype.exe |
"{FAEE4177-C2B1-4531-AA7C-528F5DCC2B93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"TCP Query User{0F5CDA9B-0003-40BF-ABE1-A04EC305B24A}D:\programy\icq 6.5\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programy\icq 6.5\icq6.5\icq.exe |
"TCP Query User{6A74D669-009E-478D-B397-A28C0EE229E2}D:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8CF2F3BA-0564-4505-8AF2-D1F1BF1BC6AE}D:\games\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=d:\games\battlestations pacific\bsp.exe |
"TCP Query User{9FBE3345-64AB-4DC7-A86C-77887D1F6A51}D:\programy\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programy\icq6.5\icq.exe |
"TCP Query User{B11DBF16-BA9C-470A-8A60-0E46B629B7F3}D:\games\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\games\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{BB09E402-24FA-4623-9A85-BBD28BAD0685}D:\games\battlestations\bsp.exe" = protocol=6 | dir=in | app=d:\games\battlestations\bsp.exe |
"TCP Query User{D0F87802-591D-42EC-A48D-FA428BE73525}D:\games\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\games\call of duty 2\cod2mp_s.exe |
"UDP Query User{38557F50-1626-48A6-B52F-99785DBF0396}D:\games\battlestations\bsp.exe" = protocol=17 | dir=in | app=d:\games\battlestations\bsp.exe |
"UDP Query User{478DCE24-4880-4EE2-8E73-BBEB7628FECE}D:\programy\icq 6.5\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programy\icq 6.5\icq6.5\icq.exe |
"UDP Query User{7A2D7BF5-BA8A-40FF-9B1A-958AED30FC7E}D:\games\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\games\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{A61A9511-BE0E-425D-BF20-0F35BAAD37C9}D:\programy\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programy\icq6.5\icq.exe |
"UDP Query User{A6963521-EAB9-4FEE-846D-3A2EDDDEEF4C}D:\games\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\games\call of duty 2\cod2mp_s.exe |
"UDP Query User{B0199844-855E-415F-903B-FB6DDA90C827}D:\games\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=d:\games\battlestations pacific\bsp.exe |
"UDP Query User{B41E7012-10B5-4495-8025-E583AD59CB83}D:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{4B89C2AC-01E9-E43F-AF2F-B31417738ECF}" = ccc-utility64
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{8187A70D-6128-4D53-B1D5-7ACE977421A4}" = ESET NOD32 Antivirus
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{A199A422-181A-AC10-9924-8A93C3CAFBC9}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1F55A4A2-E6F2-BB7C-4FE8-E974307B5139}" = Skins
"{216DFC20-539C-3580-4BC0-56FC3B86B77C}" = Catalyst Control Center Graphics Full Existing
"{2242AE36-597E-3F40-6CEC-A4A2ADFE7C7C}" = CCC Help Danish
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BC019B5-5BED-3D59-FD12-8A749D603711}" = Catalyst Control Center InstallProxy
"{3DC9AB06-E15F-C08C-29CC-6800211EFF88}" = CCC Help Thai
"{3E68F081-A1B6-6D0D-F18A-FD282794A31A}" = Catalyst Control Center Graphics Previews Vista
"{46F29895-7150-490C-DD8F-7D14EFBE3647}" = Catalyst Control Center Core Implementation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4EDB23D5-E470-5EBB-E9AA-57E8A8E3F027}" = CCC Help Chinese Traditional
"{5324C4B8-8FEF-BBF2-3AF4-A84BE704CAE7}" = Catalyst Control Center Localization All
"{5D0D9DAA-0B40-CD7D-2105-9B06A2395A4C}" = CCC Help Czech
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{66DD0CFA-BE81-690F-5010-196F0690F60D}" = Catalyst Control Center Graphics Full New
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AAC3D10-BFC1-E120-BB90-899100C2378F}" = CCC Help Korean
"{6B1D7AF4-66A5-C8CB-0B12-FA098E05D364}" = CCC Help Dutch
"{6C2EEBE0-ABBD-3788-BDB3-CFDF608FF4C3}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79B094A9-3057-304C-AAAD-538740D5499F}" = CCC Help Portuguese
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{8219CCD5-F180-E9A5-4C9F-182DE487481C}" = CCC Help Chinese Standard
"{869613B5-A810-3824-A21B-793DC2162B3B}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{91C999BC-B75F-9A0A-D7EB-7ED7DE80D9FB}" = CCC Help Italian
"{9B99E43D-17A7-9FCE-D75C-9DD75DCD17C5}" = CCC Help English
"{A21A680B-247A-BCA9-0A9E-5697A7762D0D}" = Catalyst Control Center Graphics Light
"{A3D9DC5F-EE44-0DB6-285E-9E5B0D14F538}" = CCC Help German
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B4F00577-506C-8D49-B403-938B5EE4E48A}" = CCC Help Spanish
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BC329EF3-480F-B21D-043E-BA200DE278B4}" = CCC Help Turkish
"{BF025B72-15EF-326D-9D23-3F62C0DD11C1}" = HydraVision
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9D70E19-9BBA-EDA6-93CD-D8003384E023}" = CCC Help Russian
"{CF760669-E69E-6D7D-6ACE-296A3542308C}" = CCC Help Greek
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3CAE573-EE40-662D-FCDE-765A2BD5A48A}" = Catalyst Control Center HydraVision Full
"{D40860F1-29A2-BC5B-DC4B-C015D5A049BF}" = CCC Help Japanese
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E31EB198-FD4C-905C-F59D-AC427EC7243D}" = CCC Help Polish
"{E3D6180E-D82F-FF98-D1C3-B42365A0F08E}" = Catalyst Control Center Graphics Previews Common
"{E57E6C57-6861-5621-DFE8-F584FA06DA6A}" = CCC Help Swedish
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9E53D25-D56D-F165-4067-12DB24F4E19C}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F4C5CDA5-A1C2-1A34-3074-A40D583FCB92}" = CCC Help French
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE6862FE-2A9A-73F7-5FFB-5D8F47DC8611}" = CCC Help Finnish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"GameParkClient_is1" = GamePark
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Project: Snowblind" = Project: Snowblind 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.7.2009 6:49:11 | Computer Name = PC-pokoj | Source = Application Hang | ID = 1002
Description = Program gtaiv.exe verze 1.0.2.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 16f0 Čas zahájení: 01ca0927411c9353 Čas ukončení: 83
Error - 20.7.2009 7:00:46 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 7:27:41 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace gtaiv.exe, verze 1.0.2.0, časové razítko 0x494ff743,
chybující modul gtaiv.exe, verze 1.0.2.0, časové razítko 0x494ff743, kód výjimky
0xc0000005, posun chyby 0x003a834b, ID procesu 0x1124, čas spuštění aplikace 0x01ca0927e2c75323.
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 8:14:07 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 9:00:48 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 10:14:16 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 10:17:46 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, časové razítko 0x49a6659c,
chybující modul Opera.dll, verze 9.64.10487.0, časové razítko 0x49a665ae, kód výjimky
0xc0000005, posun chyby 0x000cfa39, ID procesu 0x3f8, čas spuštění aplikace 0x01ca0944d2c8efce.
Error - 20.7.2009 13:07:25 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace GSvr.exe, verze 0.0.0.0, časové razítko 0x48773c29,
chybující modul GSvr.exe, verze 0.0.0.0, časové razítko 0x48773c29, kód výjimky
0xc0000005, posun chyby 0x000025e5, ID procesu 0x894, čas spuštění aplikace 0x01ca093e36707d1e.
[ System Events ]
Error - 17.7.2009 19:42:13 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku E: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:42:45 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku F: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:43:07 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku F: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:43:07 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku H: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:43:34 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku H: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:45:12 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku H: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:45:12 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku F: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 18.7.2009 4:25:46 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 9:43:17 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 12:37:01 | Computer Name = PC-pokoj | Source = Service Control Manager | ID = 7034
Description =
< End of report >
- Level 3
- Posts: 591
- Registered: January 09
- Location: Děčín
- Status: Offline
Re: TrojanDownloader - please check
log from MBAM
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2466
Windows 6.0.6001 Service Pack 1
20.7.2009 16:09:16
mbam-log-2009-07-20 (16-09-08).txt
Typ skenu: Rychlý sken
Objektu skenováno: 77049
Uplynulý cas: 3 minute(s), 6 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
logs from OTL
Extras
OTL Extras logfile created on: 20.7.2009 19:10:44 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Jakub\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,72% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,50 Gb Total Space | 38,59 Gb Free Space | 51,79% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 356,28 Gb Free Space | 76,49% Space Free | Partition Type: NTFS
Drive E: | 403,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-POKOJ
Current User Name: Jakub
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = Opera.HTML] -- D:\Programy\Opera\opera.exe (Opera Software)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Programy\Opera\opera.exe (Opera Software)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 30 55 50 35 A6 08 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC02737B-6632-4B29-872B-9C4A6EE8CF36}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CDE41B-BDDE-40CF-AD49-273F136749CC}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{029A0788-9E97-4316-A92C-E7A9C2B6438E}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{042FBA65-022D-479F-8D2B-8F210E203BE1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{055E7FE8-9BD5-42B7-B0B0-AF4D5B7574E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0ACDF198-B03E-4940-AB63-072726681BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1DDA8363-80B3-4C13-9660-F6EEBEC14A33}" = protocol=6 | dir=in | app=d:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{386E213A-5D80-4496-9CFC-9654166EAF7A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{45ADE6BA-5D37-4F0C-A0A1-193BE7E29953}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{48A7E930-4466-4BC1-8625-8243E4CDCB7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6314767D-0A51-4EB5-ABE8-A5ABD6C14667}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{6651BAAE-7ACE-4D88-B64E-C6AF3C8F393A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{68974A48-3ABC-466E-B189-83E758EA10E2}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{6D21C972-67DC-4046-8710-2E93B96DC922}" = protocol=17 | dir=in | app=d:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{8FAF2A0A-6E76-4F25-B1FB-6A4E527BED1F}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{9767A469-22EE-4ADC-B4AE-109306783842}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A6953A45-5B35-4B0A-AD0A-950AC6C51187}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B3CF2F5F-A6D3-4537-B39F-B3635A92A99C}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{CE308B57-FA7E-4B2F-9ABC-D85A55242743}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{DAE20433-B22E-44EE-9256-2DEBFDB3950D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DDCE8AC2-1AD8-4178-8FDA-37B903F9098F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{E71B8693-F36B-4A51-85CB-FDF76267A6A4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{E8BE27AD-5017-4CE4-B3F9-0D2B246CD389}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{EE561469-BDB7-4F02-855C-6E96DC6A8F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EF482486-011D-4A2D-9144-5BFF62D13B6F}" = dir=in | app=d:\programy\skype\phone\skype.exe |
"{FAEE4177-C2B1-4531-AA7C-528F5DCC2B93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"TCP Query User{0F5CDA9B-0003-40BF-ABE1-A04EC305B24A}D:\programy\icq 6.5\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programy\icq 6.5\icq6.5\icq.exe |
"TCP Query User{6A74D669-009E-478D-B397-A28C0EE229E2}D:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8CF2F3BA-0564-4505-8AF2-D1F1BF1BC6AE}D:\games\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=d:\games\battlestations pacific\bsp.exe |
"TCP Query User{9FBE3345-64AB-4DC7-A86C-77887D1F6A51}D:\programy\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programy\icq6.5\icq.exe |
"TCP Query User{B11DBF16-BA9C-470A-8A60-0E46B629B7F3}D:\games\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\games\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{BB09E402-24FA-4623-9A85-BBD28BAD0685}D:\games\battlestations\bsp.exe" = protocol=6 | dir=in | app=d:\games\battlestations\bsp.exe |
"TCP Query User{D0F87802-591D-42EC-A48D-FA428BE73525}D:\games\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\games\call of duty 2\cod2mp_s.exe |
"UDP Query User{38557F50-1626-48A6-B52F-99785DBF0396}D:\games\battlestations\bsp.exe" = protocol=17 | dir=in | app=d:\games\battlestations\bsp.exe |
"UDP Query User{478DCE24-4880-4EE2-8E73-BBEB7628FECE}D:\programy\icq 6.5\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programy\icq 6.5\icq6.5\icq.exe |
"UDP Query User{7A2D7BF5-BA8A-40FF-9B1A-958AED30FC7E}D:\games\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\games\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{A61A9511-BE0E-425D-BF20-0F35BAAD37C9}D:\programy\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programy\icq6.5\icq.exe |
"UDP Query User{A6963521-EAB9-4FEE-846D-3A2EDDDEEF4C}D:\games\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\games\call of duty 2\cod2mp_s.exe |
"UDP Query User{B0199844-855E-415F-903B-FB6DDA90C827}D:\games\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=d:\games\battlestations pacific\bsp.exe |
"UDP Query User{B41E7012-10B5-4495-8025-E583AD59CB83}D:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{4B89C2AC-01E9-E43F-AF2F-B31417738ECF}" = ccc-utility64
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{8187A70D-6128-4D53-B1D5-7ACE977421A4}" = ESET NOD32 Antivirus
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{A199A422-181A-AC10-9924-8A93C3CAFBC9}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1F55A4A2-E6F2-BB7C-4FE8-E974307B5139}" = Skins
"{216DFC20-539C-3580-4BC0-56FC3B86B77C}" = Catalyst Control Center Graphics Full Existing
"{2242AE36-597E-3F40-6CEC-A4A2ADFE7C7C}" = CCC Help Danish
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BC019B5-5BED-3D59-FD12-8A749D603711}" = Catalyst Control Center InstallProxy
"{3DC9AB06-E15F-C08C-29CC-6800211EFF88}" = CCC Help Thai
"{3E68F081-A1B6-6D0D-F18A-FD282794A31A}" = Catalyst Control Center Graphics Previews Vista
"{46F29895-7150-490C-DD8F-7D14EFBE3647}" = Catalyst Control Center Core Implementation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4EDB23D5-E470-5EBB-E9AA-57E8A8E3F027}" = CCC Help Chinese Traditional
"{5324C4B8-8FEF-BBF2-3AF4-A84BE704CAE7}" = Catalyst Control Center Localization All
"{5D0D9DAA-0B40-CD7D-2105-9B06A2395A4C}" = CCC Help Czech
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{66DD0CFA-BE81-690F-5010-196F0690F60D}" = Catalyst Control Center Graphics Full New
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AAC3D10-BFC1-E120-BB90-899100C2378F}" = CCC Help Korean
"{6B1D7AF4-66A5-C8CB-0B12-FA098E05D364}" = CCC Help Dutch
"{6C2EEBE0-ABBD-3788-BDB3-CFDF608FF4C3}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79B094A9-3057-304C-AAAD-538740D5499F}" = CCC Help Portuguese
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{8219CCD5-F180-E9A5-4C9F-182DE487481C}" = CCC Help Chinese Standard
"{869613B5-A810-3824-A21B-793DC2162B3B}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{91C999BC-B75F-9A0A-D7EB-7ED7DE80D9FB}" = CCC Help Italian
"{9B99E43D-17A7-9FCE-D75C-9DD75DCD17C5}" = CCC Help English
"{A21A680B-247A-BCA9-0A9E-5697A7762D0D}" = Catalyst Control Center Graphics Light
"{A3D9DC5F-EE44-0DB6-285E-9E5B0D14F538}" = CCC Help German
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B4F00577-506C-8D49-B403-938B5EE4E48A}" = CCC Help Spanish
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BC329EF3-480F-B21D-043E-BA200DE278B4}" = CCC Help Turkish
"{BF025B72-15EF-326D-9D23-3F62C0DD11C1}" = HydraVision
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9D70E19-9BBA-EDA6-93CD-D8003384E023}" = CCC Help Russian
"{CF760669-E69E-6D7D-6ACE-296A3542308C}" = CCC Help Greek
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3CAE573-EE40-662D-FCDE-765A2BD5A48A}" = Catalyst Control Center HydraVision Full
"{D40860F1-29A2-BC5B-DC4B-C015D5A049BF}" = CCC Help Japanese
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E31EB198-FD4C-905C-F59D-AC427EC7243D}" = CCC Help Polish
"{E3D6180E-D82F-FF98-D1C3-B42365A0F08E}" = Catalyst Control Center Graphics Previews Common
"{E57E6C57-6861-5621-DFE8-F584FA06DA6A}" = CCC Help Swedish
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9E53D25-D56D-F165-4067-12DB24F4E19C}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F4C5CDA5-A1C2-1A34-3074-A40D583FCB92}" = CCC Help French
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE6862FE-2A9A-73F7-5FFB-5D8F47DC8611}" = CCC Help Finnish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"GameParkClient_is1" = GamePark
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Project: Snowblind" = Project: Snowblind 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.7.2009 6:49:11 | Computer Name = PC-pokoj | Source = Application Hang | ID = 1002
Description = Program gtaiv.exe verze 1.0.2.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID procesu: 16f0 Čas zahájení: 01ca0927411c9353 Čas ukončení: 83
Error - 20.7.2009 7:00:46 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 7:27:41 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace gtaiv.exe, verze 1.0.2.0, časové razítko 0x494ff743,
chybující modul gtaiv.exe, verze 1.0.2.0, časové razítko 0x494ff743, kód výjimky
0xc0000005, posun chyby 0x003a834b, ID procesu 0x1124, čas spuštění aplikace 0x01ca0927e2c75323.
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 8:14:07 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 9:00:48 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 10:14:16 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 10:17:46 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, časové razítko 0x49a6659c,
chybující modul Opera.dll, verze 9.64.10487.0, časové razítko 0x49a665ae, kód výjimky
0xc0000005, posun chyby 0x000cfa39, ID procesu 0x3f8, čas spuštění aplikace 0x01ca0944d2c8efce.
Error - 20.7.2009 13:07:25 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace GSvr.exe, verze 0.0.0.0, časové razítko 0x48773c29,
chybující modul GSvr.exe, verze 0.0.0.0, časové razítko 0x48773c29, kód výjimky
0xc0000005, posun chyby 0x000025e5, ID procesu 0x894, čas spuštění aplikace 0x01ca093e36707d1e.
[ System Events ]
Error - 17.7.2009 19:42:13 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku E: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:42:45 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku F: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:43:07 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku F: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:43:07 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku H: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:43:34 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku H: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:45:12 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku H: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 17.7.2009 19:45:12 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = Výchozí správce prostředků transakcí na svazku F: zaznamenal neopakovatelnou
chybu a nemohl být spuštěn. Data obsahují kód chyby.
Error - 18.7.2009 4:25:46 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 9:43:17 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 12:37:01 | Computer Name = PC-pokoj | Source = Service Control Manager | ID = 7034
Description =
< End of report >
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2466
Windows 6.0.6001 Service Pack 1
20.7.2009 16:09:16
mbam-log-2009-07-20 (16-09-08).txt
Typ skenu: Rychlý sken
Objektu skenováno: 77049
Uplynulý cas: 3 minute(s), 6 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
logs from OTL
Extras
OTL Extras logfile created on: 20.7.2009 19:10:44 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Jakub\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,72% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,50 Gb Total Space | 38,59 Gb Free Space | 51,79% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 356,28 Gb Free Space | 76,49% Space Free | Partition Type: NTFS
Drive E: | 403,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-POKOJ
Current User Name: Jakub
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = Opera.HTML] -- D:\Programy\Opera\opera.exe (Opera Software)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Programy\Opera\opera.exe (Opera Software)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 30 55 50 35 A6 08 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC02737B-6632-4B29-872B-9C4A6EE8CF36}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CDE41B-BDDE-40CF-AD49-273F136749CC}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{029A0788-9E97-4316-A92C-E7A9C2B6438E}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{042FBA65-022D-479F-8D2B-8F210E203BE1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{055E7FE8-9BD5-42B7-B0B0-AF4D5B7574E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0ACDF198-B03E-4940-AB63-072726681BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1DDA8363-80B3-4C13-9660-F6EEBEC14A33}" = protocol=6 | dir=in | app=d:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{386E213A-5D80-4496-9CFC-9654166EAF7A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{45ADE6BA-5D37-4F0C-A0A1-193BE7E29953}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{48A7E930-4466-4BC1-8625-8243E4CDCB7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6314767D-0A51-4EB5-ABE8-A5ABD6C14667}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{6651BAAE-7ACE-4D88-B64E-C6AF3C8F393A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{68974A48-3ABC-466E-B189-83E758EA10E2}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{6D21C972-67DC-4046-8710-2E93B96DC922}" = protocol=17 | dir=in | app=d:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{8FAF2A0A-6E76-4F25-B1FB-6A4E527BED1F}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{9767A469-22EE-4ADC-B4AE-109306783842}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A6953A45-5B35-4B0A-AD0A-950AC6C51187}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B3CF2F5F-A6D3-4537-B39F-B3635A92A99C}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{CE308B57-FA7E-4B2F-9ABC-D85A55242743}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{DAE20433-B22E-44EE-9256-2DEBFDB3950D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DDCE8AC2-1AD8-4178-8FDA-37B903F9098F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{E71B8693-F36B-4A51-85CB-FDF76267A6A4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{E8BE27AD-5017-4CE4-B3F9-0D2B246CD389}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{EE561469-BDB7-4F02-855C-6E96DC6A8F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EF482486-011D-4A2D-9144-5BFF62D13B6F}" = dir=in | app=d:\programy\skype\phone\skype.exe |
"{FAEE4177-C2B1-4531-AA7C-528F5DCC2B93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"TCP Query User{0F5CDA9B-0003-40BF-ABE1-A04EC305B24A}D:\programy\icq 6.5\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programy\icq 6.5\icq6.5\icq.exe |
"TCP Query User{6A74D669-009E-478D-B397-A28C0EE229E2}D:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8CF2F3BA-0564-4505-8AF2-D1F1BF1BC6AE}D:\games\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=d:\games\battlestations pacific\bsp.exe |
"TCP Query User{9FBE3345-64AB-4DC7-A86C-77887D1F6A51}D:\programy\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programy\icq6.5\icq.exe |
"TCP Query User{B11DBF16-BA9C-470A-8A60-0E46B629B7F3}D:\games\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\games\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{BB09E402-24FA-4623-9A85-BBD28BAD0685}D:\games\battlestations\bsp.exe" = protocol=6 | dir=in | app=d:\games\battlestations\bsp.exe |
"TCP Query User{D0F87802-591D-42EC-A48D-FA428BE73525}D:\games\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\games\call of duty 2\cod2mp_s.exe |
"UDP Query User{38557F50-1626-48A6-B52F-99785DBF0396}D:\games\battlestations\bsp.exe" = protocol=17 | dir=in | app=d:\games\battlestations\bsp.exe |
"UDP Query User{478DCE24-4880-4EE2-8E73-BBEB7628FECE}D:\programy\icq 6.5\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programy\icq 6.5\icq6.5\icq.exe |
"UDP Query User{7A2D7BF5-BA8A-40FF-9B1A-958AED30FC7E}D:\games\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\games\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{A61A9511-BE0E-425D-BF20-0F35BAAD37C9}D:\programy\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programy\icq6.5\icq.exe |
"UDP Query User{A6963521-EAB9-4FEE-846D-3A2EDDDEEF4C}D:\games\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\games\call of duty 2\cod2mp_s.exe |
"UDP Query User{B0199844-855E-415F-903B-FB6DDA90C827}D:\games\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=d:\games\battlestations pacific\bsp.exe |
"UDP Query User{B41E7012-10B5-4495-8025-E583AD59CB83}D:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\instalace\hry\gta iv\rockstar games\grand theft auto iv\gtaiv.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{4B89C2AC-01E9-E43F-AF2F-B31417738ECF}" = ccc-utility64
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{8187A70D-6128-4D53-B1D5-7ACE977421A4}" = ESET NOD32 Antivirus
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{A199A422-181A-AC10-9924-8A93C3CAFBC9}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1F55A4A2-E6F2-BB7C-4FE8-E974307B5139}" = Skins
"{216DFC20-539C-3580-4BC0-56FC3B86B77C}" = Catalyst Control Center Graphics Full Existing
"{2242AE36-597E-3F40-6CEC-A4A2ADFE7C7C}" = CCC Help Danish
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BC019B5-5BED-3D59-FD12-8A749D603711}" = Catalyst Control Center InstallProxy
"{3DC9AB06-E15F-C08C-29CC-6800211EFF88}" = CCC Help Thai
"{3E68F081-A1B6-6D0D-F18A-FD282794A31A}" = Catalyst Control Center Graphics Previews Vista
"{46F29895-7150-490C-DD8F-7D14EFBE3647}" = Catalyst Control Center Core Implementation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4EDB23D5-E470-5EBB-E9AA-57E8A8E3F027}" = CCC Help Chinese Traditional
"{5324C4B8-8FEF-BBF2-3AF4-A84BE704CAE7}" = Catalyst Control Center Localization All
"{5D0D9DAA-0B40-CD7D-2105-9B06A2395A4C}" = CCC Help Czech
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{66DD0CFA-BE81-690F-5010-196F0690F60D}" = Catalyst Control Center Graphics Full New
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AAC3D10-BFC1-E120-BB90-899100C2378F}" = CCC Help Korean
"{6B1D7AF4-66A5-C8CB-0B12-FA098E05D364}" = CCC Help Dutch
"{6C2EEBE0-ABBD-3788-BDB3-CFDF608FF4C3}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79B094A9-3057-304C-AAAD-538740D5499F}" = CCC Help Portuguese
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{8219CCD5-F180-E9A5-4C9F-182DE487481C}" = CCC Help Chinese Standard
"{869613B5-A810-3824-A21B-793DC2162B3B}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{91C999BC-B75F-9A0A-D7EB-7ED7DE80D9FB}" = CCC Help Italian
"{9B99E43D-17A7-9FCE-D75C-9DD75DCD17C5}" = CCC Help English
"{A21A680B-247A-BCA9-0A9E-5697A7762D0D}" = Catalyst Control Center Graphics Light
"{A3D9DC5F-EE44-0DB6-285E-9E5B0D14F538}" = CCC Help German
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B4F00577-506C-8D49-B403-938B5EE4E48A}" = CCC Help Spanish
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BC329EF3-480F-B21D-043E-BA200DE278B4}" = CCC Help Turkish
"{BF025B72-15EF-326D-9D23-3F62C0DD11C1}" = HydraVision
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9D70E19-9BBA-EDA6-93CD-D8003384E023}" = CCC Help Russian
"{CF760669-E69E-6D7D-6ACE-296A3542308C}" = CCC Help Greek
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3CAE573-EE40-662D-FCDE-765A2BD5A48A}" = Catalyst Control Center HydraVision Full
"{D40860F1-29A2-BC5B-DC4B-C015D5A049BF}" = CCC Help Japanese
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E31EB198-FD4C-905C-F59D-AC427EC7243D}" = CCC Help Polish
"{E3D6180E-D82F-FF98-D1C3-B42365A0F08E}" = Catalyst Control Center Graphics Previews Common
"{E57E6C57-6861-5621-DFE8-F584FA06DA6A}" = CCC Help Swedish
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9E53D25-D56D-F165-4067-12DB24F4E19C}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F4C5CDA5-A1C2-1A34-3074-A40D583FCB92}" = CCC Help French
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE6862FE-2A9A-73F7-5FFB-5D8F47DC8611}" = CCC Help Finnish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"GameParkClient_is1" = GamePark
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Project: Snowblind" = Project: Snowblind 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.7.2009 6:49:11 | Computer Name = PC-pokoj | Source = Application Hang | ID = 1002
Description = Program gtaiv.exe version 1.0.2.0 stopped interacting with Windows and was closed. To see if more
information about this problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16f0 Start time: 01ca0927411c9353 Termination time: 83
Error - 20.7.2009 7:00:46 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 7:27:41 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.2.0, time stamp 0x494ff743,
faulting module gtaiv.exe, version 1.0.2.0, time stamp 0x494ff743, exception code
0xc0000005, fault offset 0x003a834b, process ID 0x1124, application start time 0x01ca0927e2c75323.
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 8:14:07 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 9:00:48 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 10:14:16 | Computer Name = PC-pokoj | Source = System Restore | ID = 8193
Description =
Error - 20.7.2009 10:17:46 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.64.10487.0, time stamp 0x49a6659c,
faulting module Opera.dll, version 9.64.10487.0, time stamp 0x49a665ae, exception code
0xc0000005, fault offset 0x000cfa39, process ID 0x3f8, application start time 0x01ca0944d2c8efce.
Error - 20.7.2009 13:07:25 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Faulting application GSvr.exe, version 0.0.0.0, time stamp 0x48773c29,
faulting module GSvr.exe, version 0.0.0.0, time stamp 0x48773c29, exception code
0xc0000005, fault offset 0x000025e5, process ID 0x894, application start time 0x01ca093e36707d1e.
[ System Events ]
Error - 17.7.2009 19:42:13 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume E: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 17.7.2009 19:42:45 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 17.7.2009 19:43:07 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 17.7.2009 19:43:07 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume H: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 17.7.2009 19:43:34 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume H: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 17.7.2009 19:45:12 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume H: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 17.7.2009 19:45:12 | Computer Name = Jakub-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered a non-retryable
error and could not start. The data contains the error code.
Error - 18.7.2009 4:25:46 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 9:43:17 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 12:37:01 | Computer Name = PC-pokoj | Source = Service Control Manager | ID = 7034
Description =
< End of report >
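As an added example (not part of the original post and not OTL's own code), here is a small parser for the "Last 10 Event Log Errors" block of an OTL report like the one above, together with the two checks a log reviewer otherwise does by eye: which log/source/ID triples recur, and which Application Error 1000 entries are 0xc0000005 access violations, with the faulting application, module and fault offset pulled out. The sample report is constructed from the format above using a few of its entries (one left in the Czech wording to show the extraction does not depend on the locale); all function and regex names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One error entry header in the OTL "Last 10 Event Log Errors" section.
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")      # "[ Application Events ]"
HEX_RE = re.compile(r"0x[0-9a-fA-F]+")
MODULE_RE = re.compile(r"[\w.-]+\.(?:exe|dll)", re.IGNORECASE)
ACCESS_VIOLATION = 0xC0000005   # STATUS_ACCESS_VIOLATION


@dataclass
class EventError:
    log: str            # "Application Events" or "System Events"
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_event_errors(text: str) -> list:
    """Parse the event-log block of an OTL report into EventError records.

    Descriptions wrap over several lines; every line up to the next 'Error -'
    header, '[ ... ]' sub-section or end-of-report marker is appended to the
    current entry. An empty 'Description =' yields ''.
    """
    entries, in_block, log_name, cur = [], False, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("========== Last 10 Event Log Errors"):
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("< End of report >") or line.startswith("=========="):
            break
        m = SECTION_RE.match(line)
        if m:
            log_name, cur = m["name"], None
            continue
        m = HEADER_RE.match(line)
        if m:
            cur = EventError(log_name, m["when"], m["host"], m["source"], int(m["event_id"]))
            entries.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        if line:
            cur.description = f"{cur.description} {line}".strip()
    return entries


def count_by_source(entries) -> Counter:
    """Recurring (log, source, id) triples usually mark the real problem."""
    return Counter((e.log, e.source, e.event_id) for e in entries)


def access_violations(entries) -> list:
    """Application Error 1000 entries whose exception code is 0xc0000005.

    Returns (when, app, module, fault offset). In both the English and the
    localized wording of this event the first two .exe/.dll tokens are the
    faulting application and module, and the fault offset is the hex token
    right after the exception code.
    """
    hits = []
    for e in entries:
        if e.source != "Application Error" or e.event_id != 1000:
            continue
        hexes = HEX_RE.findall(e.description)
        codes = [int(h, 16) for h in hexes]
        if ACCESS_VIOLATION not in codes:
            continue
        idx = codes.index(ACCESS_VIOLATION)
        offset = hexes[idx + 1] if idx + 1 < len(hexes) else ""
        mods = MODULE_RE.findall(e.description)
        app = mods[0] if mods else ""
        module = mods[1] if len(mods) > 1 else app
        hits.append((e.when, app, module, offset))
    return hits


# Constructed sample in the OTL format, built from a few entries of the report above.
SAMPLE_REPORT = """\
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.7.2009 7:27:41 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.2.0, time stamp 0x494ff743,
faulting module gtaiv.exe, version 1.0.2.0, time stamp 0x494ff743, exception code
0xc0000005, fault offset 0x003a834b, process ID 0x1124, application start time 0x01ca0927e2c75323.
Error - 20.7.2009 7:29:05 | Computer Name = PC-pokoj | Source = Perflib | ID = 1023
Description =
Error - 20.7.2009 10:17:46 | Computer Name = PC-pokoj | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, časové razítko 0x49a6659c,
chybující modul Opera.dll, verze 9.64.10487.0, časové razítko 0x49a665ae, kód výjimky
0xc0000005, posun chyby 0x000cfa39, ID procesu 0x3f8, čas spuštění aplikace 0x01ca0944d2c8efce.
[ System Events ]
Error - 18.7.2009 4:25:46 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.7.2009 9:43:17 | Computer Name = Jakub-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
"""

if __name__ == "__main__":
    found = parse_event_errors(SAMPLE_REPORT)
    for key, n in count_by_source(found).most_common():
        print(n, key)
    for hit in access_violations(found):
        print("access violation:", hit)
```

Feed it the whole OTL report; the parser ignores everything before the event-log header. A 7034 (service terminated unexpectedly) with an empty description, as in the report above, is where you would next look at the service name in the real event log, since OTL does not carry it.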
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: TrojanDownloader - please check
MbAM, wrong, you should have deleted the infections, you only posted a scan, try it again:
- So run MbAM again and click Scan
- after the program finishes, a message appears, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is shown, so post it here.
- then choose OK in the program and close it via Exit
You can then paste the MbAM log here.
Download RSIT (by random/random)
- run it, a window appears, click Continue to proceed
- wait until the program finishes and shows the log; otherwise you will find it here: C:\rsit\log.txt. Please copy its whole contents here
When working with HJT, ComboFix, MbAM, SDFix and the like, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support