I can't run Malwarebytes' Anti-Malware, not even the installer starts, and the process iexplorer.exe (IE) keeps launching on its own.
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:36, on 7.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Mous\Plocha\přídavky\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9861fd4020982) (gupdate1c9861fd4020982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 10758 bytes
HiJackThis log, please check (Solved)
- jaro3
- Security team member
Re: HiJackThis log, please check
Try downloading from here
http://www.edisk.cz/stahni/69993/tools.rar_3.65MB.html
a few small programs that we might need.
Unpack the archive into your own folder. The files are deliberately named differently from the originals in the guides, so don't be surprised.
Then try running them.
itr - RSIT
buss - DDS
VerTerm = ComboFix
Turn off NOD32's resident protection and deactivate Comodo.
Then try running VerTerm (ComboFix):
save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum Support
Re: HiJackThis log, please check
ComboFix 09-04-04.01 - Mous 2009-04-08 21:27:20.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1578 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\VerTerm.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-08 do 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-07 17:23 . 2003-07-08 10:13 28,672 --a------ c:\windows\system32\sizelimit.ocx
2009-04-06 20:49 . 2009-04-07 16:24 155,384 --a------ c:\windows\system32\guard32.dll
2009-04-06 20:49 . 2009-04-07 16:25 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-04-06 20:49 . 2009-04-07 16:25 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-04-03 18:59 . 2009-04-03 18:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\RunOff
2009-03-31 17:05 . 2009-04-01 16:19 <DIR> d-------- c:\windows\FFTemp
2009-03-31 17:05 . 2009-03-31 17:05 115,016 --a------ c:\windows\system32\MSINET.OCX
2009-03-31 17:01 . 2009-03-31 17:01 226 --a------ c:\documents and settings\Mous\Data aplikací\asd.bat
2009-03-28 14:16 . 2009-03-28 14:18 <DIR> d-------- C:\rings
2009-03-26 15:12 . 2009-03-26 15:12 <DIR> d-------- c:\program files\Cenega Czech
2009-03-24 17:45 . 2009-03-24 17:46 <DIR> d-------- C:\Warhammer Online - Age of Reckoning
2009-03-21 00:25 . 2009-03-21 00:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-20 17:05 . 2009-03-20 17:05 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-20 17:02 . 2006-12-29 01:31 19,569 --a------ c:\windows\003080_.tmp
2009-03-20 00:17 . 2005-11-16 17:05 1,056,768 --a------ c:\windows\system32\ROBOEX32.DLL
2009-03-20 00:17 . 2005-11-16 17:05 49,152 --a------ c:\windows\system32\INETWH32.DLL
2009-03-20 00:17 . 2005-11-16 17:05 28,672 --a------ c:\windows\system32\nnr.dll
2009-03-20 00:16 . 2009-03-20 00:16 <DIR> d-------- c:\program files\NetObjects
2009-03-15 22:47 . 2009-03-15 22:47 <DIR> d-------- C:\videooutput
2009-03-15 22:47 . 2009-03-15 22:47 <DIR> d-------- c:\program files\Free FLV to AVI Converter
2009-03-15 22:47 . 2007-03-07 01:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2009-03-15 22:47 . 2007-03-07 01:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2009-03-15 22:47 . 2006-11-01 15:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-03-15 22:47 . 2007-02-25 16:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\program files\Moyea
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\Mous\Data aplikací\Moyea
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\program files\Blast! Entertainment Ltd
2009-03-13 21:59 . 2009-02-22 21:25 329,959,728 --a------ c:\temp\rld-bean.bin
2009-03-12 23:43 . 2009-03-12 23:43 <DIR> d-------- c:\program files\MySQL
2009-03-11 20:31 . 2009-03-11 20:31 <DIR> d-------- c:\program files\PremiumSoft
2009-03-11 20:31 . 2006-04-13 12:30 1,073,152 --a------ c:\windows\system32\libmysql_c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 17:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-08 17:00 --------- d-----w c:\documents and settings\Mous\Data aplikací\Hamachi
2009-04-08 16:59 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-04-07 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Comodo
2009-04-06 18:49 --------- d-----w c:\documents and settings\Mous\Data aplikací\Comodo
2009-04-06 18:37 --------- d-----w c:\program files\VoipCheapCom
2009-04-06 17:50 --------- d-----w c:\program files\Doom 3
2009-04-06 12:38 --------- d-----w c:\program files\Kopie - WoW
2009-04-05 12:20 --------- d-----w c:\program files\Java
2009-04-03 12:18 --------- d-----w c:\documents and settings\Mous\Data aplikací\Free Download Manager
2009-04-02 21:14 --------- d-----w c:\program files\World of Warcraft
2009-03-31 14:59 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-31 14:48 --------- d-----r c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]
2009-03-31 14:05 --------- d-----w c:\documents and settings\Mous\Data aplikací\Xfire
2009-03-31 13:56 --------- d-----w c:\program files\Teamspeak2_RC2
2009-03-28 10:53 --------- d-----w c:\program files\Xfire
2009-03-19 22:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 11:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-14 21:07 --------- d-----w c:\program files\ICQ6 cz
2009-03-14 20:57 --------- d-----w c:\documents and settings\Mous\Data aplikací\Skype
2009-03-14 20:56 --------- d-----w c:\documents and settings\Mous\Data aplikací\skypePM
2009-03-13 14:38 --------- d-----w c:\program files\Warcraft III
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 14:23 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-27 12:45 --------- d-----w c:\program files\MobMapUpdater
2009-02-25 20:53 --------- d-----w c:\documents and settings\Mous\Data aplikací\MobMapUpdater
2009-02-12 18:36 --------- d-----w c:\program files\Pět kouzelných amuletů
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 13:44 --------- d-----w c:\program files\Google
2008-09-01 22:32 1,935,872 ----a-w c:\program files\tvsetup.msi
2008-01-26 10:48 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-25 19:02 22,328 ----a-w c:\documents and settings\Mous\Data aplikací\PnkBstrK.sys
2007-10-13 22:36 47,360 ----a-w c:\documents and settings\Mous\Data aplikací\pcouffin.sys
2007-06-04 12:37 56 --sha-r c:\windows\system32\4DE33A8182.sys
2007-06-04 12:37 1,890 -csha-w c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2007-02-19 17:23 666624 1b6588693895000623b366cd4d4786cc c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 14:46 666624 0c48ac2ab588fa90689c01ff40f6984c c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 16:53 666624 59f33ed26e4f253dc4eb4e7cea766953 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 14:58 666624 3d3a44493bbe48699abb77cd7a30c790 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-12-07 02:48 667136 b29c19b8d0a01d408229d07972ec8001 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
2007-12-07 03:59 825344 32cc73f851f377b035a5b8216cac63ce c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad c:\windows\$NtUninstallKB931768$\wininet.dll
2007-02-19 17:05 659968 be49f3f390b3ed242c2abcab2f1350a4 c:\windows\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:32 659968 5a3872496fb8baa611f1174b56c8d627 c:\windows\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:15 659968 b81b32f9e43bb5bea755ae11e9196d12 c:\windows\$NtUninstallKB939653$\wininet.dll
2007-08-22 15:18 659968 81f70e1d35f41c034b92fdf24af12cab c:\windows\$NtUninstallKB944533$\wininet.dll
2008-04-14 09:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\ServicePackFiles\i386\wininet.dll
2007-10-11 01:50 824832 c543cc3d7a05fb0d23107c89115811a0 c:\windows\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2GDR\wininet.dll
2007-10-11 01:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 c:\windows\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2QFE\wininet.dll
2007-12-07 04:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 c:\windows\system32\wininet.dll
2007-12-07 04:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 c:\windows\system32\dllcache\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabídka Start\Programy\Po spuštění\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-08-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-04-04 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-04-06 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-04-06 24336]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2008-09-03 25088]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-04 69120]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
.
Obsah adresáře 'Naplánované úlohy'
2009-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-839522115-1003.job
- c:\documents and settings\Mous\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - component: c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 21:28:47
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
"ImagePath"="c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-04-08 21:30:23
ComboFix-quarantined-files.txt 2009-04-08 19:30:13
ComboFix2.txt 2009-04-08 19:23:49
Před spuštěním: Volných bajtů: 10 024 968 192
Po spuštění: Volných bajtů: 10,009,608,192
256 --- E O F --- 2008-09-20 08:09:01
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\program files\Blast! Entertainment Ltd
2009-03-13 21:59 . 2009-02-22 21:25 329,959,728 --a------ c:\temp\rld-bean.bin
2009-03-12 23:43 . 2009-03-12 23:43 <DIR> d-------- c:\program files\MySQL
2009-03-11 20:31 . 2009-03-11 20:31 <DIR> d-------- c:\program files\PremiumSoft
2009-03-11 20:31 . 2006-04-13 12:30 1,073,152 --a------ c:\windows\system32\libmysql_c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 17:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-08 17:00 --------- d-----w c:\documents and settings\Mous\Data aplikací\Hamachi
2009-04-08 16:59 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-04-07 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Comodo
2009-04-06 18:49 --------- d-----w c:\documents and settings\Mous\Data aplikací\Comodo
2009-04-06 18:37 --------- d-----w c:\program files\VoipCheapCom
2009-04-06 17:50 --------- d-----w c:\program files\Doom 3
2009-04-06 12:38 --------- d-----w c:\program files\Kopie - WoW
2009-04-05 12:20 --------- d-----w c:\program files\Java
2009-04-03 12:18 --------- d-----w c:\documents and settings\Mous\Data aplikací\Free Download Manager
2009-04-02 21:14 --------- d-----w c:\program files\World of Warcraft
2009-03-31 14:59 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-31 14:48 --------- d-----r c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]
2009-03-31 14:05 --------- d-----w c:\documents and settings\Mous\Data aplikací\Xfire
2009-03-31 13:56 --------- d-----w c:\program files\Teamspeak2_RC2
2009-03-28 10:53 --------- d-----w c:\program files\Xfire
2009-03-19 22:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 11:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-14 21:07 --------- d-----w c:\program files\ICQ6 cz
2009-03-14 20:57 --------- d-----w c:\documents and settings\Mous\Data aplikací\Skype
2009-03-14 20:56 --------- d-----w c:\documents and settings\Mous\Data aplikací\skypePM
2009-03-13 14:38 --------- d-----w c:\program files\Warcraft III
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 14:23 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-27 12:45 --------- d-----w c:\program files\MobMapUpdater
2009-02-25 20:53 --------- d-----w c:\documents and settings\Mous\Data aplikací\MobMapUpdater
2009-02-12 18:36 --------- d-----w c:\program files\Pět kouzelných amuletů
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 13:44 --------- d-----w c:\program files\Google
2008-09-01 22:32 1,935,872 ----a-w c:\program files\tvsetup.msi
2008-01-26 10:48 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-25 19:02 22,328 ----a-w c:\documents and settings\Mous\Data aplikací\PnkBstrK.sys
2007-10-13 22:36 47,360 ----a-w c:\documents and settings\Mous\Data aplikací\pcouffin.sys
2007-06-04 12:37 56 --sha-r c:\windows\system32\4DE33A8182.sys
2007-06-04 12:37 1,890 -csha-w c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2007-02-19 17:23 666624 1b6588693895000623b366cd4d4786cc c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 14:46 666624 0c48ac2ab588fa90689c01ff40f6984c c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 16:53 666624 59f33ed26e4f253dc4eb4e7cea766953 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 14:58 666624 3d3a44493bbe48699abb77cd7a30c790 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-12-07 02:48 667136 b29c19b8d0a01d408229d07972ec8001 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
2007-12-07 03:59 825344 32cc73f851f377b035a5b8216cac63ce c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad c:\windows\$NtUninstallKB931768$\wininet.dll
2007-02-19 17:05 659968 be49f3f390b3ed242c2abcab2f1350a4 c:\windows\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:32 659968 5a3872496fb8baa611f1174b56c8d627 c:\windows\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:15 659968 b81b32f9e43bb5bea755ae11e9196d12 c:\windows\$NtUninstallKB939653$\wininet.dll
2007-08-22 15:18 659968 81f70e1d35f41c034b92fdf24af12cab c:\windows\$NtUninstallKB944533$\wininet.dll
2008-04-14 09:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\ServicePackFiles\i386\wininet.dll
2007-10-11 01:50 824832 c543cc3d7a05fb0d23107c89115811a0 c:\windows\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2GDR\wininet.dll
2007-10-11 01:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 c:\windows\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2QFE\wininet.dll
2007-12-07 04:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 c:\windows\system32\wininet.dll
2007-12-07 04:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 c:\windows\system32\dllcache\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabídka Start\Programy\Po spuštění\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-08-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-04-04 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-04-06 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-04-06 24336]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2008-09-03 25088]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-04 69120]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
.
Obsah adresáře 'Naplánované úlohy'
2009-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-839522115-1003.job
- c:\documents and settings\Mous\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - component: c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
It would not be wise to urge the devil to bow.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: HiJackThis log, check please
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script
File::
c:\windows\003080_.tmp
c:\windows\system32\nnr.dll
c:\windows\system32\4DE33A8182.sys
c:\windows\system32\KGyGaAvL.sys
Driver::
4DE33A8182
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
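As an added example (not code from this thread or from ComboFix), here is a small Python triage of the "startup points in registry" section that ComboFix prints, using a sample assembled from the log posted above; it flags the settings the helper's CFScript resets and a few related indicators, and the three-day "recently created" threshold is this example's own assumption.

```python
"""Triage of the 'startup points in registry' section of a ComboFix log.

Added example for this thread, not ComboFix's or the forum's own code. It
parses the REGEDIT4-style excerpt ComboFix prints and flags what the helper's
CFScript resets (AppInit_DLLs, the Security Center notification switches)
plus a few other things a helper looks at: the Windows Firewall switch, extra
BootExecute entries, and Run entries pointing at files created just before
the scan. SAMPLE is assembled from the posted log; recent_days is this
example's own threshold, not a ComboFix setting.
"""
import re
from datetime import date

# Constructed from lines of the log posted above (a subset, to keep it short).
SAMPLE = r'''
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"lkanfl"="c:\windows\system32\lkanfl.exe" [2009-04-08 33280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"=value, optionally followed by ComboFix's [YYYY-MM-DD size] annotation
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*?)\s*(?:\[(\d{4}-\d{2}-\d{2})\s+[^\]]*\])?\s*$')
BOOTEXEC_RE = re.compile(r'^BootExecute REG_MULTI_SZ (.*)$')
SECURITY_CENTER_SWITCHES = ('AntiVirusDisableNotify', 'UpdatesDisableNotify',
                            'FirewallDisableNotify')


def parse_startup_points(text):
    """Return one dict per value: key, name, value, created (date or None)."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            entries.append({'key': key, 'name': 'BootExecute',
                            'value': m.group(1), 'created': None})
            continue
        m = VAL_RE.match(line)
        if m:
            created = date.fromisoformat(m.group(3)) if m.group(3) else None
            entries.append({'key': key, 'name': m.group(1),
                            'value': m.group(2).strip('"'), 'created': created})
    return entries


def triage(entries, scan_date, recent_days=3):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for e in entries:
        key, name, value = e['key'].lower(), e['name'], e['value']
        if name == 'AppInit_DLLs' and value:
            # a non-empty AppInit_DLLs is loaded into every process that uses user32.dll
            findings.append(f'AppInit_DLLs is set: {value}')
        elif key.endswith('security center') and name in SECURITY_CENTER_SWITCHES and value == '1':
            findings.append(f'Security Center warning suppressed: {name}=1')
        elif name == 'EnableFirewall' and value.startswith('0'):
            findings.append('Windows Firewall is off in the standard profile')
        elif name == 'BootExecute':
            # ComboFix prints the REG_MULTI_SZ separators literally as \0
            extra = [p for p in value.split('\\0') if p and p != 'autocheck autochk *']
            if extra:
                findings.append('extra BootExecute entries: ' + ', '.join(extra))
        elif key.endswith('\\run') and e['created'] is not None:
            age = (scan_date - e['created']).days
            if 0 <= age <= recent_days:
                findings.append(f'Run entry {name!r} points at a file created '
                                f'{age} day(s) before the scan: {value}')
    return findings


def triage_text(text, scan_date_iso, recent_days=3):
    """Convenience wrapper taking the scan date as an ISO string, e.g. '2009-04-09'."""
    return triage(parse_startup_points(text), date.fromisoformat(scan_date_iso), recent_days)


if __name__ == '__main__':
    for finding in triage_text(SAMPLE, '2009-04-09'):
        print(finding)
```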
Re: HiJackThis log, check please
I have a question: after ComboFix, web pages stopped loading for me, but I can ping all the sites. Do you happen to know what is causing it?
It would not be wise to urge the devil to bow.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: HiJackThis log, check please
You didn't do that script?
I don't know what it could be. Run that script.
Clean the system with CCleaner.
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: HiJackThis log, check please
ComboFix 09-04-04.01 - Mous 2009-04-09 19:01:09.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1399 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\VerTerm.exe
Použité ovládací přepínače :: c:\documents and settings\Mous\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\003080_.tmp
c:\windows\system32\4DE33A8182.sys
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\nnr.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Mous\LOCALS~1\Temp\install_flash_player.exe
c:\windows\003080_.tmp
c:\windows\system32\4DE33A8182.sys
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\kr_done1
c:\windows\system32\nnr.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-09 do 2009-04-09 )))))))))))))))))))))))))))))))
.
2009-04-09 08:51 . 2009-04-09 08:51 <DIR> d-------- c:\program files\Plustech Inc
2009-04-09 08:51 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\TABCTL32.OCX
2009-04-09 08:51 . 2001-04-18 11:32 205,848 --a------ c:\windows\system32\Threed32.ocx
2009-04-09 08:51 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-04-09 08:51 . 2001-08-27 15:12 19,490 --a------ c:\windows\system32\IPCFLT.VXD
2009-04-09 08:32 . 2009-01-22 02:40 163,840 --a------ c:\windows\system32\SecureNet.dll
2009-04-09 08:31 . 2009-04-09 08:34 <DIR> d-------- c:\program files\Hide My IP 2009
2009-04-09 08:31 . 2008-11-03 05:45 1,126,400 --a------ c:\windows\system32\libeay32.dll
2009-04-09 08:31 . 2008-11-03 05:45 204,800 --a------ c:\windows\system32\ssleay32.dll
2009-04-08 23:41 . 2009-04-08 23:41 33,280 --a------ c:\windows\system32\lkanfl.exe
2009-04-08 23:41 . 2009-04-08 23:41 33,280 ---h----- c:\documents and settings\Mous\mej.exe
2009-04-07 17:23 . 2003-07-08 10:13 28,672 --a------ c:\windows\system32\sizelimit.ocx
2009-04-06 20:49 . 2009-04-07 16:24 155,384 --a------ c:\windows\system32\guard32.dll
2009-04-06 20:49 . 2009-04-07 16:25 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-04-06 20:49 . 2009-04-07 16:25 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-04-03 18:59 . 2009-04-03 18:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\RunOff
2009-03-31 17:05 . 2009-04-01 16:19 <DIR> d-------- c:\windows\FFTemp
2009-03-31 17:05 . 2009-03-31 17:05 115,016 --a------ c:\windows\system32\MSINET.OCX
2009-03-31 17:01 . 2009-03-31 17:01 226 --a------ c:\documents and settings\Mous\Data aplikací\asd.bat
2009-03-28 14:16 . 2009-03-28 14:18 <DIR> d-------- C:\rings
2009-03-26 15:12 . 2009-03-26 15:12 <DIR> d-------- c:\program files\Cenega Czech
2009-03-24 17:45 . 2009-03-24 17:46 <DIR> d-------- C:\Warhammer Online - Age of Reckoning
2009-03-21 00:25 . 2009-03-21 00:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-20 17:05 . 2009-03-20 17:05 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-20 00:17 . 2005-11-16 17:05 1,056,768 --a------ c:\windows\system32\ROBOEX32.DLL
2009-03-20 00:17 . 2005-11-16 17:05 49,152 --a------ c:\windows\system32\INETWH32.DLL
2009-03-20 00:16 . 2009-03-20 00:16 <DIR> d-------- c:\program files\NetObjects
2009-03-15 22:47 . 2009-03-15 22:47 <DIR> d-------- C:\videooutput
2009-03-15 22:47 . 2009-03-15 22:47 <DIR> d-------- c:\program files\Free FLV to AVI Converter
2009-03-15 22:47 . 2007-03-07 01:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2009-03-15 22:47 . 2007-03-07 01:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2009-03-15 22:47 . 2006-11-01 15:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-03-15 22:47 . 2007-02-25 16:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\program files\Moyea
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\Mous\Data aplikací\Moyea
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\program files\Blast! Entertainment Ltd
2009-03-13 21:59 . 2009-02-22 21:25 329,959,728 --a------ c:\temp\rld-bean.bin
2009-03-12 23:43 . 2009-03-12 23:43 <DIR> d-------- c:\program files\MySQL
2009-03-11 20:31 . 2009-03-11 20:31 <DIR> d-------- c:\program files\PremiumSoft
2009-03-11 20:31 . 2006-04-13 12:30 1,073,152 --a------ c:\windows\system32\libmysql_c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 08:13 --------- d-----w c:\documents and settings\Mous\Data aplikací\Hamachi
2009-04-09 07:43 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-04-08 21:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-08 17:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-07 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Comodo
2009-04-06 18:49 --------- d-----w c:\documents and settings\Mous\Data aplikací\Comodo
2009-04-06 18:37 --------- d-----w c:\program files\VoipCheapCom
2009-04-06 17:50 --------- d-----w c:\program files\Doom 3
2009-04-06 12:38 --------- d-----w c:\program files\Kopie - WoW
2009-04-05 12:20 --------- d-----w c:\program files\Java
2009-04-03 12:18 --------- d-----w c:\documents and settings\Mous\Data aplikací\Free Download Manager
2009-04-02 21:14 --------- d-----w c:\program files\World of Warcraft
2009-03-31 14:59 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-31 14:48 --------- d-----r c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]
2009-03-31 14:05 --------- d-----w c:\documents and settings\Mous\Data aplikací\Xfire
2009-03-31 13:56 --------- d-----w c:\program files\Teamspeak2_RC2
2009-03-28 10:53 --------- d-----w c:\program files\Xfire
2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 22:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 21:07 --------- d-----w c:\program files\ICQ6 cz
2009-03-14 20:57 --------- d-----w c:\documents and settings\Mous\Data aplikací\Skype
2009-03-14 20:56 --------- d-----w c:\documents and settings\Mous\Data aplikací\skypePM
2009-03-13 14:38 --------- d-----w c:\program files\Warcraft III
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 14:23 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-27 12:45 --------- d-----w c:\program files\MobMapUpdater
2009-02-25 20:53 --------- d-----w c:\documents and settings\Mous\Data aplikací\MobMapUpdater
2009-02-12 18:36 --------- d-----w c:\program files\Pět kouzelných amuletů
2009-02-09 13:44 --------- d-----w c:\program files\Google
2008-09-01 22:32 1,935,872 ----a-w c:\program files\tvsetup.msi
2008-01-26 10:48 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-25 19:02 22,328 ----a-w c:\documents and settings\Mous\Data aplikací\PnkBstrK.sys
2007-10-13 22:36 47,360 ----a-w c:\documents and settings\Mous\Data aplikací\pcouffin.sys
.
------- Sigcheck -------
2007-02-19 17:23 666624 1b6588693895000623b366cd4d4786cc c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 14:46 666624 0c48ac2ab588fa90689c01ff40f6984c c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 16:53 666624 59f33ed26e4f253dc4eb4e7cea766953 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 14:58 666624 3d3a44493bbe48699abb77cd7a30c790 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-12-07 02:48 667136 b29c19b8d0a01d408229d07972ec8001 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
2007-12-07 03:59 825344 32cc73f851f377b035a5b8216cac63ce c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad c:\windows\$NtUninstallKB931768$\wininet.dll
2007-02-19 17:05 659968 be49f3f390b3ed242c2abcab2f1350a4 c:\windows\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:32 659968 5a3872496fb8baa611f1174b56c8d627 c:\windows\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:15 659968 b81b32f9e43bb5bea755ae11e9196d12 c:\windows\$NtUninstallKB939653$\wininet.dll
2007-08-22 15:18 659968 81f70e1d35f41c034b92fdf24af12cab c:\windows\$NtUninstallKB944533$\wininet.dll
2008-04-14 09:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\ServicePackFiles\i386\wininet.dll
2007-10-11 01:50 824832 c543cc3d7a05fb0d23107c89115811a0 c:\windows\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2GDR\wininet.dll
2007-10-11 01:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 c:\windows\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2QFE\wininet.dll
2007-12-07 04:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 c:\windows\system32\wininet.dll
2007-12-07 04:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 c:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-08_21.22.14.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-11-08 10:13:47 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-09 06:33:37 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-09 16:11:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_140.dat
+ 2009-04-09 07:40:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_500.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"lkanfl"="c:\windows\system32\lkanfl.exe" [2009-04-08 33280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabídka Start\Programy\Po spuštění\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-08-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-04-04 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Mous\\mej.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-04-06 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-04-06 24336]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-06 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-06 15504]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2008-09-03 25088]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-04 69120]
R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [2009-04-09 532784]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
.
Obsah adresáře 'Naplánované úlohy'
2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-839522115-1003.job
- c:\documents and settings\Mous\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\SecureNet.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 19:04:42
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
"ImagePath"="c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\guard32.dll
c:\windows\system32\SecureNet.dll
.
Celkový čas: 2009-04-09 19:07:17
ComboFix-quarantined-files.txt 2009-04-09 17:06:38
ComboFix2.txt 2009-04-08 19:30:26
ComboFix3.txt 2009-04-08 19:23:49
Před spuštěním: Volných bajtů: 10 059 796 480
Po spuštění: Volných bajtů: 10,045,100,032
298 --- E O F --- 2008-09-20 08:09:01
It would not be wise to urge the devil to take a bow.
Re: HiJackThis log please check
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:58, on 9.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\Documents and Settings\Mous\mej.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mous\Plocha\přídavky\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [lkanfl] C:\WINDOWS\system32\lkanfl.exe \u
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9861fd4020982) (gupdate1c9861fd4020982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecureSrv - My Privacy Tools, Inc. - C:\Program Files\Hide My IP 2009\SecureSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
--
End of file - 11461 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: HiJackThis log please check
Post a new HJT log as well.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HiJackThis log please check
The edit is above your post.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: HiJackThis log please check
Well, probably overwork on my part....
Close other applications and browsers, disconnect from the internet and fix in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Startup: AutorunsDisabled
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left over from ComboFix, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Test this on VirusTotal
C:\WINDOWS\system32\lkanfl.exe
Then post the link to the result here.
Re: HiJackThis log please check
Fixed.
Log from VirusTotal
[ scan result ]
a-squared 4.0.0.101/20090410 found [Backdoor.Win32.Tofsee!IK]
AhnLab-V3 5.0.0.2/20090410 found nothing
AntiVir 7.9.0.138/20090410 found [TR/Crypt.XPACK.Gen]
Antiy-AVL 2.0.3.1/20090410 found nothing
Authentium 5.1.2.4/20090410 found [W32/Bloop.A.gen!Eldorado]
Avast 4.8.1335.0/20090409 found [Win32:Trojan-gen {Other}]
AVG 8.5.0.285/20090410 found [Generic13.VWU]
BitDefender 7.2/20090410 found nothing
CAT-QuickHeal 10.00/20090410 found [Win32.Backdoor.Tofsee.F.3]
ClamAV 0.94.1/20090410 found nothing
Comodo 1109/20090410 found nothing
DrWeb 4.44.0.09170/20090410 found [Trojan.Packed.154]
eSafe 7.0.17.0/20090407 found [Suspicious File]
eTrust-Vet 31.6.6448/20090410 found nothing
F-Prot 4.4.4.56/20090410 found [W32/Bloop.A.gen!Eldorado]
F-Secure 8.0.14470.0/20090410 found [W32/Malware]
Fortinet 3.117.0.0/20090410 found [PossibleThreat]
GData 19/20090410 found [Win32:Trojan-gen {Other}]
Ikarus T3.1.1.49.0/20090410 found [Backdoor.Win32.Tofsee]
K7AntiVirus 7.10.698/20090409 found nothing
Kaspersky 7.0.0.125/20090410 found [Heur.Trojan.Generic]
McAfee 5579/20090409 found nothing
McAfee+Artemis 5579/20090409 found [Generic!Artemis]
McAfee-GW-Edition 6.7.6/20090410 found [Trojan.Crypt.XPACK.Gen]
Microsoft 1.4502/20090410 found [Backdoor:Win32/Tofsee.F]
NOD32 3999/20090410 found nothing
Norman 6.00.06/20090409 found [W32/Malware]
nProtect 2009.1.8.0/20090410 found nothing
Panda 10.0.0.14/20090410 found nothing
PCTools 4.4.2.0/20090408 found nothing
Prevx1 V2/20090410 found [High Risk Cloaked Malware]
Rising 21.24.44.00/20090410 found nothing
Sophos 4.40.0/20090410 found [Mal/Generic-A]
Sunbelt 3.2.1858.2/20090410 found nothing
Symantec 1.4.4.12/20090410 found [Trojan Horse]
TheHacker 6.3.4.0.305/20090409 found nothing
TrendMicro 8.700.0.1004/20090410 found [PAK_Generic.001]
VBA32 3.12.10.2/20090410 found [suspected of Win32 Shadow AutoStart Install]
ViRobot 2009.4.10.1688/20090410 found nothing
VirusBuster 4.6.5.0/20090410 found nothing
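The HijackThis fix list and the VirusTotal result in this thread are the kind of output a helper reads by eye. As an added example (not code from the thread, from HijackThis or from VirusTotal), the Python script below parses both formats: it flags the entry types jaro3 singled out (empty R0 values, "(no file)" and "(file missing)" orphans, the AutorunsDisabled folder, O10 Winsock LSP DLLs and an autorun in system32 that is not on an allowlist, which is exactly what lkanfl.exe was), and it tallies the VirusTotal vendor verdicts into a detection count and a consensus family name. The heuristics, the KNOWN_SYSTEM32 allowlist, the GENERIC_TOKENS stoplist and the sample lines are constructed for illustration from entries that appear in this thread.

```python
"""Triage helpers for HijackThis logs and VirusTotal text results.

Added example for this thread; it is not part of HijackThis, VirusTotal or the
forum's own tooling. Heuristics, allowlist, stoplist and samples are constructed.
"""
import re
from collections import Counter

# HijackThis lines look like "O4 - HKLM\..\Run: [name] command".
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
HJT_RUN = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Constructed allowlist: system32 autoruns expected on this machine.
KNOWN_SYSTEM32 = {"ctfmon.exe"}

# VirusTotal text rows look like "Engine version/YYYYMMDD found [name]" or "... found nothing".
VT_LINE = re.compile(r"^(?P<engine>\S+)\s+(?P<version>\S+)/(?P<date>\d{8})\s+found\s+(?P<result>.+)$")
# Constructed stoplist of generic tokens that carry no family information.
GENERIC_TOKENS = {"win32", "w32", "trojan", "generic", "backdoor", "malware", "heur",
                  "crypt", "xpack", "packed", "horse", "other", "file", "suspicious",
                  "risk", "high", "cloaked"}

# Constructed sample: HijackThis entries of the kinds seen in the thread.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [lkanfl] C:\WINDOWS\system32\lkanfl.exe \u
O4 - Startup: AutorunsDisabled
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Constructed sample: a subset of the VirusTotal rows posted in the thread.
VT_SAMPLE = """
a-squared 4.0.0.101/20090410 found [Backdoor.Win32.Tofsee!IK]
AhnLab-V3 5.0.0.2/20090410 found nothing
AntiVir 7.9.0.138/20090410 found [TR/Crypt.XPACK.Gen]
Authentium 5.1.2.4/20090410 found [W32/Bloop.A.gen!Eldorado]
BitDefender 7.2/20090410 found nothing
CAT-QuickHeal 10.00/20090410 found [Win32.Backdoor.Tofsee.F.3]
ClamAV 0.94.1/20090410 found nothing
Ikarus T3.1.1.49.0/20090410 found [Backdoor.Win32.Tofsee]
Kaspersky 7.0.0.125/20090410 found [Heur.Trojan.Generic]
Microsoft 1.4502/20090410 found [Backdoor:Win32/Tofsee.F]
NOD32 3999/20090410 found nothing
Symantec 1.4.4.12/20090410 found [Trojan Horse]
"""


def _image_path(cmd):
    """Return the executable part of an O4 command: the quoted path or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_hjt(text):
    """Return (code, reason, line) for HijackThis entries that deserve a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code.startswith("R") and body.rstrip().endswith("="):
            findings.append((code, "empty IE setting, safe to fix", line))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append((code, "orphaned entry, target file missing", line))
        elif code == "O4" and body.startswith("Startup: AutorunsDisabled"):
            findings.append((code, "leftover Autoruns folder in Startup", line))
        elif code == "O10":
            findings.append((code, "Winsock LSP DLL, confirm its vendor", line))
        elif code == "O4" and "\\Run:" in body:
            run = HJT_RUN.search(body)
            low = _image_path(run.group("cmd")).lower() if run else ""
            if "\\system32\\" in low and low.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM32:
                findings.append((code, "unknown autorun in system32, check on VirusTotal", line))
    return findings


def parse_virustotal(text):
    """Return (engine, detection_name_or_None) for each VirusTotal result row."""
    rows = []
    for raw in text.splitlines():
        m = VT_LINE.match(raw.strip())
        if m:
            result = m.group("result").strip()
            rows.append((m.group("engine"), None if result == "nothing" else result.strip("[]")))
    return rows


def vt_summary(rows):
    """Count detections and pick the most-voted non-generic family token."""
    names = [name for _, name in rows if name]
    votes = Counter(tok.lower() for name in names for tok in re.split(r"[^A-Za-z0-9]+", name)
                    if len(tok) >= 4 and tok.lower() not in GENERIC_TOKENS)
    top = votes.most_common(1)
    return {"engines": len(rows), "detections": len(names),
            "top_family": top[0][0] if top else None,
            "top_family_votes": top[0][1] if top else 0}


if __name__ == "__main__":
    for code, reason, line in triage_hjt(HJT_SAMPLE):
        print(f"{code:4} {reason}: {line}")
    print(vt_summary(parse_virustotal(VT_SAMPLE)))
```

On the constructed sample the triage reports six entries, and the VirusTotal summary gives 8 detections out of 12 engines with "tofsee" as the family named most often, which matches the verdicts a reader would pull out of the full list by hand. The allowlist is deliberately tiny; on a real log every unlisted system32 autorun is a candidate for the same VirusTotal check the helper asked for, not an automatic verdict.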