Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:09, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmds.exe] C:\WINDOWS\system32\kdmds.exe
O4 - HKLM\..\Run: [c472db4e] rundll32.exe "C:\WINDOWS\system32\xyhhoyvp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7356404959
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8BE353-1799-427C-9BCE-99ECB2D6D740}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{1595BD0E-564A-471A-B43B-E06A385D16FA}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E118A31-4AB3-4459-80E7-1883A88BBDC4}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A75FD4-BDD4-4A59-A7BD-00CBA52B1559}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B8BE353-1799-427C-9BCE-99ECB2D6D740}: NameServer = 85.255.115.38,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B8BE353-1799-427C-9BCE-99ECB2D6D740}: NameServer = 85.255.115.38,85.255.112.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 6081 bytes
prosím o kontrolu logu dík Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu dík
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Ještě je tam Wareout, ten potom.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Ještě je tam Wareout, ten potom.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosím o kontrolu logu dík
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
23.11.2008 20:35:50
mbam-log-2008-11-23 (20-35-36).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58879
Uplynulý cas: 6 minute(s), 26 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 18
Infikované hodnoty registru: 4
Infikované položky dat registru: 15
Infikované složky: 1
Infikované soubory: 27
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> No action taken.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdmds.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> No action taken.
Infikované soubory:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\EfPqWvut.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\EfPqWvut.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jpbqdgbf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fbgdqbpj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lvurdrvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ivrdruvl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pvyohhyx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdmds.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\lcapyslx.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temp\jtydbgpu.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temporary Internet Files\Content.IE5\MD3CPSV6\zc113432[2] (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Michal\Data aplikací\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.
C:\WINDOWS\Temp\tempo-9B.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-053.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-415.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-42F.tmp (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\Michal\Plocha\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Plocha\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Plocha\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Oblíbené položky\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Oblíbené položky\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Oblíbené položky\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
23.11.2008 20:35:50
mbam-log-2008-11-23 (20-35-36).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58879
Uplynulý cas: 6 minute(s), 26 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 18
Infikované hodnoty registru: 4
Infikované položky dat registru: 15
Infikované složky: 1
Infikované soubory: 27
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> No action taken.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdmds.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> No action taken.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> No action taken.
Infikované soubory:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\EfPqWvut.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\EfPqWvut.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jpbqdgbf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fbgdqbpj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lvurdrvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ivrdruvl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pvyohhyx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdmds.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\lcapyslx.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temp\jtydbgpu.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temporary Internet Files\Content.IE5\MD3CPSV6\zc113432[2] (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Michal\Data aplikací\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.
C:\WINDOWS\Temp\tempo-9B.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-053.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-415.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-42F.tmp (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\Michal\Plocha\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Plocha\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Plocha\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Oblíbené položky\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Oblíbené položky\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Michal\Oblíbené položky\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu dík
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log + nový log z HJT.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log + nový log z HJT.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosím o kontrolu logu dík
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
23.11.2008 21:20:02
mbam-log-2008-11-23 (21-20-02).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58970
Uplynulý cas: 5 minute(s), 45 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 18
Infikované hodnoty registru: 4
Infikované položky dat registru: 15
Infikované složky: 1
Infikované soubory: 27
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdmds.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Infikované soubory:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\EfPqWvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EfPqWvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpbqdgbf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbgdqbpj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvurdrvi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivrdruvl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pvyohhyx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdmds.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcapyslx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temp\jtydbgpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temporary Internet Files\Content.IE5\MD3CPSV6\zc113432[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Data aplikací\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-9B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-053.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-415.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-42F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Plocha\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Plocha\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Plocha\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Oblíbené položky\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Oblíbené položky\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Oblíbené položky\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
23.11.2008 21:20:02
mbam-log-2008-11-23 (21-20-02).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58970
Uplynulý cas: 5 minute(s), 45 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 18
Infikované hodnoty registru: 4
Infikované položky dat registru: 15
Infikované složky: 1
Infikované soubory: 27
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2c7d70ab-c281-45d2-8a52-fba8ef01cd47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdmds.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqpfe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0b8be353-1799-427c-9bce-99ecb2d6d740}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1595bd0e-564a-471a-b43b-e06a385d16fa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6e118a31-4ab3-4459-80e7-1883a88bbdc4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f8a75fd4-bdd4-4a59-a7bd-00cba52b1559}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.38,85.255.112.9 -> Quarantined and deleted successfully.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Infikované soubory:
C:\WINDOWS\system32\tuvWqPfE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\EfPqWvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EfPqWvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpbqdgbf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbgdqbpj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvurdrvi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivrdruvl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyhhoyvp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pvyohhyx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdmds.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcapyslx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temp\jtydbgpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temporary Internet Files\Content.IE5\MD3CPSV6\zc113432[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Data aplikací\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-9B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-053.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-415.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-42F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Plocha\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Plocha\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Plocha\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Oblíbené položky\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Oblíbené položky\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal\Oblíbené položky\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu dík
Pokud proběhl restart, pošli nový log z HJT.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosím o kontrolu logu dík
- Restart se provedl
- MbAM report je přiložen níže
- HJT nevím co je, prosím o link a instrukce, jestli bude potřeba s tím zacházet
- NOD mi při každém scenování vyskakuje a zjistí nějaký Trojský kůň, mám to nechat Nodem mazat?
zde je ten nový report:
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
23.11.2008 21:39:17
mbam-log-2008-11-23 (21-39-06).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58695
Uplynulý cas: 6 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\twveivmt.dll (Trojan.Vundo) -> No action taken.
- MbAM report je přiložen níže
- HJT nevím co je, prosím o link a instrukce, jestli bude potřeba s tím zacházet
- NOD mi při každém scenování vyskakuje a zjistí nějaký Trojský kůň, mám to nechat Nodem mazat?
zde je ten nový report:
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
23.11.2008 21:39:17
mbam-log-2008-11-23 (21-39-06).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58695
Uplynulý cas: 6 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\twveivmt.dll (Trojan.Vundo) -> No action taken.
Re: prosím o kontrolu logu dík
Jo už vím, co je HJT. Zde je ten report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:30, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Michal.MICHAL-5D758661\Data aplikací\Microsoft\Internet Explorer\Quick Launch\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmds.exe] C:\WINDOWS\system32\kdmds.exe
O4 - HKLM\..\Run: [c472db4e] rundll32.exe "C:\WINDOWS\system32\twveivmt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7356404959
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 5233 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:30, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Michal.MICHAL-5D758661\Data aplikací\Microsoft\Internet Explorer\Quick Launch\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmds.exe] C:\WINDOWS\system32\kdmds.exe
O4 - HKLM\..\Run: [c472db4e] rundll32.exe "C:\WINDOWS\system32\twveivmt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7356404959
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 5233 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu dík
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log .
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log .
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosím o kontrolu logu dík
Po smazání je tento log viz níže:
Já jdu dál bojovat dle návodu s SDFixem.
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
24.11.2008 20:28:44
mbam-log-2008-11-24 (20-28-44).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58741
Uplynulý cas: 5 minute(s), 57 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 7
Infikované hodnoty registru: 1
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 6
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS\system32\ddcBTKAR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\twveivmt.dll (Trojan.Vundo.H) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ebe8704-2fc7-4be6-b968-0ea99410e729} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ebe8704-2fc7-4be6-b968-0ea99410e729} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ebe8704-2fc7-4be6-b968-0ea99410e729} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcbtkar -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcbtkar -> Delete on reboot.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\ddcBTKAR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\RAKTBcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RAKTBcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twveivmt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tmvievwt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temporary Internet Files\Content.IE5\31HNIEA1\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Já jdu dál bojovat dle návodu s SDFixem.
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1419
Windows 5.1.2600 Service Pack 2
24.11.2008 20:28:44
mbam-log-2008-11-24 (20-28-44).txt
Typ skenu: Rychlý sken
Objektu skenováno: 58741
Uplynulý cas: 5 minute(s), 57 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 7
Infikované hodnoty registru: 1
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 6
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS\system32\ddcBTKAR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\twveivmt.dll (Trojan.Vundo.H) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ebe8704-2fc7-4be6-b968-0ea99410e729} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ebe8704-2fc7-4be6-b968-0ea99410e729} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ebe8704-2fc7-4be6-b968-0ea99410e729} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c472db4e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcbtkar -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcbtkar -> Delete on reboot.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\ddcBTKAR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\RAKTBcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RAKTBcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twveivmt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tmvievwt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michal.MICHAL-5D758661\Local Settings\Temporary Internet Files\Content.IE5\31HNIEA1\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Re: prosím o kontrolu logu dík
SDFix: Version 1.240
Run by Michal on po 24.11.2008 at 22:06
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\fccaXPfc.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 22:23:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 18 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Run by Michal on po 24.11.2008 at 22:06
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\fccaXPfc.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 22:23:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 18 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Re: prosím o kontrolu logu dík
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:26, on 24.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmds.exe] C:\WINDOWS\system32\kdmds.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7356404959
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 4811 bytes
Scan saved at 22:50:26, on 24.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmds.exe] C:\WINDOWS\system32\kdmds.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7356404959
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 4811 bytes
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 132 hostů