prosim o kontrolu logu...diky

jaboos · Příspěvekod **jaboos** » 25 úno 2007 17:06

Logfile of HijackThis v1.99.1
Scan saved at 17:05:34, on 25.3.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avast4\aswUpdSv.exe
I:\Program Files\Avast4\ashServ.exe
I:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
I:\Program Files\Avast4\ashWebSv.exe
I:\Program Files\Avast4\ashMaiSv.exe
I:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
I:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\Winamp\winampa.exe
H:\WINDOWS\System32\rundll32.exe
I:\PROGRA~1\Avast4\ashDisp.exe
I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\ICQLite\ICQLite.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\TopDesk\topdesk.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Program Files\Internet Explorer\iexplore.exe
h:\progra~1\intern~1\iexplore.exe
H:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
I:\Program Files\Adobe\Acrobat 5.0 CE\Reader\AcroRd32.exe
I:\Program Files\Winamp\Winamp.exe
H:\Documents and Settings\Dušan.JABOOS\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - I:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] "I:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TopDesk] I:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [proc setup bows burn] H:\Documents and Settings\All Users\Data aplikací\ace dale proc setup\TestExtra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\DOCUME~1\DUŠAN~1.JAB\LOCALS~1\Temp\E_SD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "I:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "I:\PROGRA~1\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dash Live] H:\DOCUME~1\DUŠAN~1.JAB\DATAAP~1\MAGSSO~1\INTERNETCHINTOOL.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] I:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: GetRight - Tray Icon.lnk = I:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://I:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight Pro - I:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - I:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - I:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - I:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - I:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe

Reklama

sakiri · Příspěvekod **sakiri** » 25 úno 2007 18:12

prosím tě otestuj tyto soubory na Virustotalu:
H:\Documents and Settings\All Users\Data aplikací\ace dale proc setup\TestExtra.exe
H:\DOCUME~1\DUŠAN~1.JAB\DATAAP~1\MAGSSO~1\INTERNETCHINTOOL.exe

Pro lepší nalezení si zapni zobrazovat skryté a systémové soubory.
A zkopíruj sem výsledky.

jaboos · Příspěvekod **jaboos** » 25 úno 2007 19:38

Complete scanning result of "TestExtra.exe_", received in VirusTotal at 02.25.2007, 19:22:46 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.25.2007 TR/Dldr.Swizzor.Gen
Authentium 4.93.8 02.25.2007 no virus found
Avast 4.7.936.0 02.23.2007 no virus found
AVG 386 02.25.2007 no virus found
BitDefender 7.2 02.25.2007 Trojan.FatObfus.Gen
CAT-QuickHeal 9.00 02.24.2007 no virus found
ClamAV devel-20060426 02.25.2007 no virus found
DrWeb 4.33 02.25.2007 no virus found
eSafe 7.0.14.0 02.25.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.25.2007 no virus found
FileAdvisor 1 02.25.2007 no virus found
Fortinet 2.85.0.0 02.25.2007 suspicious
F-Prot 4.3.1.45 02.25.2007 no virus found
F-Secure 6.70.13030.0 02.25.2007 no virus found
Ikarus T3.1.0.31 02.25.2007 not-a-virus:AdWare.Win32.Lop.ag
Kaspersky 4.0.2.24 02.25.2007 no virus found
McAfee 4970 02.23.2007 no virus found
Microsoft 1.2204 02.25.2007 no virus found
NOD32v2 2080 02.25.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.25.2007 Adware/Lop
Prevx1 V2 02.25.2007 Adware.Lop
Sophos 4.14.0 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.25.2007 no virus found
TheHacker 6.1.6.064 02.25.2007 no virus found
UNA 1.83 02.23.2007 no virus found
VBA32 3.11.2 02.24.2007 suspected of Trojan-Downloader.Obfuscated.1 (paranoid heuristics)
VirusBuster 4.3.19:9 02.25.2007 Adware.Lop.Gen

Aditional Information
File size: 557568 bytes
MD5: 8ce1daf7ce0db5750335c68e16b43e51
SHA1: 6cca5df033e3f14fb9e84035d256c71e462a4103
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=b28677396946

jaboos · Příspěvekod **jaboos** » 25 úno 2007 19:54

Complete scanning result of "INTERNETCHINTOOL.exe_", received in VirusTotal at 02.25.2007, 19:46:07 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.25.2007 TR/Dldr.Swizzor.Gen
Authentium 4.93.8 02.25.2007 no virus found
Avast 4.7.936.0 02.23.2007 no virus found
AVG 386 02.25.2007 no virus found
BitDefender 7.2 02.25.2007 Trojan.FatObfus.Gen
CAT-QuickHeal 9.00 02.24.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 02.25.2007 no virus found
DrWeb 4.33 02.25.2007 no virus found
eSafe 7.0.14.0 02.25.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.25.2007 no virus found
FileAdvisor 1 02.25.2007 no virus found
Fortinet 2.85.0.0 02.25.2007 suspicious
F-Prot 4.3.1.45 02.25.2007 no virus found
F-Secure 6.70.13030.0 02.25.2007 no virus found
Ikarus T3.1.0.31 02.25.2007 not-a-virus:AdWare.Win32.Lop.ag
Kaspersky 4.0.2.24 02.25.2007 no virus found
McAfee 4970 02.23.2007 no virus found
Microsoft 1.2204 02.25.2007 no virus found
NOD32v2 2080 02.25.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.25.2007 Adware/Lop
Prevx1 V2 02.25.2007 no virus found
Sophos 4.14.0 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.25.2007 no virus found
TheHacker 6.1.6.064 02.25.2007 no virus found
UNA 1.83 02.23.2007 no virus found
VBA32 3.11.2 02.25.2007 suspected of Trojan-Downloader.Obfuscated.1 (paranoid heuristics)
VirusBuster 4.3.19:9 02.25.2007 Adware.Lop.Gen

Aditional Information
File size: 451072 bytes
MD5: a116f291540a1be5e354841443b22930
SHA1: 58b02bc63fae4bbce69ee9bde7f97a1d0ec5afcc

Příspěvekod **fredik** » 25 úno 2007 20:03

sakiri tu momentálně není tak se mu tu jemně nabourám použij toto podle návodu jak je zmíněno: Nolop

jaboos · Příspěvekod **jaboos** » 25 úno 2007 20:21

NoLop! Log by Skate_Punk_21

Fix running from: H:\Program Files\Mozilla Firefox
[25.3.2007]
[20:13:51]

---Infection Files Found/Removed---
H:\WINDOWS\tasks\A594C5CE91A379E2.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

Logfile of HijackThis v1.99.1
Scan saved at 20:20:22, on 25.3.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avast4\aswUpdSv.exe
I:\Program Files\Avast4\ashServ.exe
I:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
I:\Program Files\Avast4\ashMaiSv.exe
I:\Program Files\Avast4\ashWebSv.exe
I:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
H:\WINDOWS\Explorer.EXE
I:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
H:\WINDOWS\System32\RUNDLL32.EXE
H:\WINDOWS\System32\rundll32.exe
I:\Program Files\Winamp\winampa.exe
I:\PROGRA~1\Avast4\ashDisp.exe
I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\ICQLite\ICQLite.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\TopDesk\topdesk.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Program Files\Internet Explorer\iexplore.exe
h:\progra~1\intern~1\iexplore.exe
I:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
I:\Program Files\GetRight\getright.exe
I:\Program Files\Skype\Plugin Manager\SkypePM.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Dušan.JABOOS\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - I:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] "I:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TopDesk] I:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [proc setup bows burn] H:\Documents and Settings\All Users\Data aplikací\ace dale proc setup\TestExtra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\DOCUME~1\DUŠAN~1.JAB\LOCALS~1\Temp\E_SD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "I:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "I:\PROGRA~1\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dash Live] H:\DOCUME~1\DUŠAN~1.JAB\DATAAP~1\MAGSSO~1\INTERNETCHINTOOL.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] I:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: GetRight - Tray Icon.lnk = I:\Program Files\GetRight\getright.exe
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://I:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight Pro - I:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - I:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - I:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - I:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - I:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe

Příspěvekod **fredik** » 25 úno 2007 20:36

Ještě pro jistoto udělej toto:
Stáhni si aplikaci LopFind - http://sweb.cz/Marinus/LopFind.bat
Spusť ji a vlož sem log, který se objeví.

jaboos · Příspěvekod **jaboos** » 25 úno 2007 20:38

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\Documents and Settings\All Users\DATAAP~1

21.02.2007 10:50 <DIR> ace dale proc setup
17.02.2007 18:20 <DIR> Google
11.02.2007 10:05 <DIR> Skype
04.02.2007 14:35 <DIR> nView_Profiles
03.02.2007 13:22 <DIR> Martau
01.02.2007 18:09 <DIR> CyberLink
30.01.2007 15:12 <DIR> UDL
26.01.2007 17:28 <DIR> QuickTime
28.12.2006 16:10 62 desktop.ini
28.12.2006 16:09 <DIR> Microsoft
28.12.2006 16:09 <DIR> .
28.12.2006 16:09 <DIR> ..
1 soubor…, 62 bajt…
Adres ý…: 11, Volněch bajt…: 74113024
Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\Documents and Settings\Duçan.JABOOS\DATAAP~1

24.03.2007 12:40 34 pcouffin.log
24.03.2007 12:40 1074 pcouffin.cat
24.03.2007 12:40 47360 pcouffin.sys
24.03.2007 12:40 1144 pcouffin.inf
24.03.2007 12:40 87608 ezpinst.exe
24.03.2007 12:40 <DIR> Vso
21.02.2007 19:34 <DIR> RapidGet
21.02.2007 10:50 <DIR> Mags Software Time
21.02.2007 10:50 <DIR> NetPumper
20.02.2007 14:01 <DIR> WNR
14.02.2007 19:14 <DIR> Google
14.02.2007 13:41 <DIR> Help
13.02.2007 19:21 <DIR> Sun
13.02.2007 11:26 <DIR> Mozilla
12.02.2007 22:01 <DIR> MegauploadToolbar
12.02.2007 16:25 <DIR> Adobe
12.02.2007 13:17 <DIR> ICQLite
12.02.2007 13:15 <DIR> Macromedia
12.02.2007 12:58 <DIR> Mikrotik
11.02.2007 10:12 <DIR> XnView
11.02.2007 10:05 <DIR> Skype
11.02.2007 10:01 <DIR> ACD Systems
11.02.2007 09:59 <DIR> uTorrent
10.02.2007 18:57 <DIR> Lavasoft
07.02.2007 17:09 <DIR> Talkback
01.02.2007 18:10 <DIR> CyberLink
30.01.2007 15:31 <DIR> EPSON
23.01.2007 16:24 <DIR> Real
23.01.2007 16:23 <DIR> Identities
23.01.2007 16:23 62 desktop.ini
23.01.2007 16:23 <DIR> ..
23.01.2007 16:23 <DIR> .
23.01.2007 16:23 <DIR> Microsoft
6 soubor…, 137282 bajt…
Adres ý…: 27, Volněch bajt…: 74113024
Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\Documents and Settings\Duçan.JABOOS\DATAAP~1

24.03.2007 12:40 34 pcouffin.log
24.03.2007 12:40 1074 pcouffin.cat
24.03.2007 12:40 47360 pcouffin.sys
24.03.2007 12:40 1144 pcouffin.inf
24.03.2007 12:40 87608 ezpinst.exe
24.03.2007 12:40 <DIR> Vso
21.02.2007 19:34 <DIR> RapidGet
21.02.2007 10:50 <DIR> Mags Software Time
21.02.2007 10:50 <DIR> NetPumper
20.02.2007 14:01 <DIR> WNR
14.02.2007 19:14 <DIR> Google
14.02.2007 13:41 <DIR> Help
13.02.2007 19:21 <DIR> Sun
13.02.2007 11:26 <DIR> Mozilla
12.02.2007 22:01 <DIR> MegauploadToolbar
12.02.2007 16:25 <DIR> Adobe
12.02.2007 13:17 <DIR> ICQLite
12.02.2007 13:15 <DIR> Macromedia
12.02.2007 12:58 <DIR> Mikrotik
11.02.2007 10:12 <DIR> XnView
11.02.2007 10:05 <DIR> Skype
11.02.2007 10:01 <DIR> ACD Systems
11.02.2007 09:59 <DIR> uTorrent
10.02.2007 18:57 <DIR> Lavasoft
07.02.2007 17:09 <DIR> Talkback
01.02.2007 18:10 <DIR> CyberLink
30.01.2007 15:31 <DIR> EPSON
23.01.2007 16:24 <DIR> Real
23.01.2007 16:23 <DIR> Identities
23.01.2007 16:23 62 desktop.ini
23.01.2007 16:23 <DIR> ..
23.01.2007 16:23 <DIR> .
23.01.2007 16:23 <DIR> Microsoft
6 soubor…, 137282 bajt…
Adres ý…: 27, Volněch bajt…: 73981952
Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\Documents and Settings\Default User\DATAAP~1

28.12.2006 16:10 62 desktop.ini
28.12.2006 16:09 <DIR> Microsoft
28.12.2006 16:09 <DIR> ..
28.12.2006 16:09 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 74108928
Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\Documents and Settings\LocalService\DATAAP~1

28.12.2006 16:19 <DIR> ..
28.12.2006 16:19 <DIR> Microsoft
28.12.2006 16:19 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 74108928
Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\Documents and Settings\NetworkService\DATAAP~1

28.12.2006 16:19 <DIR> ..
28.12.2006 16:19 <DIR> Microsoft
28.12.2006 16:19 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 74108928

******************************************

2) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v H:\WINDOWS\tasks\ adresáři:

Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\WINDOWS\Tasks

28.12.2006 16:16 6 SA.DAT
28.12.2006 16:15 65 desktop.ini
28.12.2006 16:15 <DIR> ..
28.12.2006 16:15 <DIR> .
2 soubor…, 71 bajt…
Adres ý…: 2, Volněch bajt…: 74˙108˙928

––––––––––––––––––––––––––––––––––––––––––

b) Nalezené a odstraněné nežádoucí soubory:

––––––––––––––––––––––––––––––––––––––––––

c) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce H nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1801-C356.

Věpis adres ýe H:\WINDOWS\Tasks

28.12.2006 16:16 6 SA.DAT
28.12.2006 16:15 65 desktop.ini
28.12.2006 16:15 <DIR> ..
28.12.2006 16:15 <DIR> .
2 soubor…, 71 bajt…
Adres ý…: 2, Volněch bajt…: 74˙100˙736

******************************************

3) Vyhledávání podvodných programů ve složce Program files:

Adresář H:\Program Files\Adv Nepřítomen !

Adresář H:\Program Files\Adverts Nepřítomen !

Adresář H:\Program Files\BitGrabber Nepřítomen !

Adresář H:\Program Files\BitRoll Nepřítomen !

Adresář H:\Program Files\C2Media Nepřítomen !

Adresář H:\Program Files\Download Plugin Nepřítomen !

Adresář H:\Program Files\Messenger Plus! 3 Nepřítomen !

Adresář H:\Program Files\NetPumper Nepřítomen !

Adresář H:\Program Files\Proxy download Nepřítomen !

Adresář H:\Program Files\SuperTorrent Nepřítomen !

Adresář H:\Program Files\Torrent101 Nepřítomen !

prosim o kontrolu logu...diky

prosim o kontrolu logu...diky

Kdo je online