HijackThis check
Hijack check
Hi, apparently I posted it wrong, so here is a second attempt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:10, on 10.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\JetMailMonitor\JetMM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ICQ6\ICQ.exe
D:\zaloha PC\Documents and Settings\Hassmmanová\Plocha\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Hassmannova\Dokumenty\hijackthis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: jetMailMonitor.lnk = C:\Program Files\JetMailMonitor\JetMM.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.cz/s/v/24.19/uploader2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 8656 bytes
matheba
- Baron Prášil
- Master Level 7
That log is fine.
mywebsearch is no longer there.
So clean it up with CCleaner and RegCleaner and post a log from MWAV.
MWAV log
Hi, please check my MWAV results, it found 15 critical objects - what should I do about it? Thanks a lot.
I tried to post the whole scan but somehow it doesn't work. My PC keeps freezing and it won't send. So I wrote out the result of the MWAV scan by hand, because it can't be copied, and here it is:
MWAV – Spyware/Adware found
Object video activex access Trojan found in the file system
3x
Conducent flexpak spyware/adware Trojan – dowlander bat ftp ab Trojan dowlander smitfraud Browser Hijacker (file system thelocalsearch Spywar/Adware
Punitiscan Spywar/Adware
Rohbot Worm
Entry HKCR/ KM Player kpl refers to an invalid object "( 9EB4C4CB-74c2-4be9-aa5d-8249f16020AD)"
HKCR / SEARCH.CUSTOM/ WORDBREAUKER refers to an invalid object "(9e175bb4-f52A-11D8-B9A5-505054503030)"
C:/WINDOWS/SYSTÉM 32/ pskill exe. Identified as not-a-virus: Risk Tool Win 32 PsKille
This is the MWAV evaluation written out by hand, because it could not be copied.
The scan was run with NOD and Ad-Aware, and I cleaned with CCleaner; nothing showed up anywhere - only non-critical objects, which were cleaned. NOD reported everything OK. So I'm baffled by it. It's true that I'm not perfect, but there's nothing I can do about that. I wait and wait and wait in vain. Doesn't anyone want to advise me????? And you're supposedly such great experts!!!!!! Oh well, so I'm out of luck. Have a lovely time!!!


Last edited by maciha on 14 Nov 2007 21:06, edited 3 times in total.
matheba
- Pic
- Moderator
- Guru Level 13
Generally speaking - remove them. Try Cleaner and Regcleaner, then scan again with MWAV and post the listing of the reported critical errors here. The experts will surely help with the tricky problems.
Read the rules of this forum! Did you read the manual first? Write so that we can understand you! I do not answer private messages asking me to solve your PC problems!
Nothing is perfect, not even a human being!
- Baron Prášil
- Master Level 7
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- After the scan finishes, the program should create a log, which will be displayed to you; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here
ComboFix log
ComboFix 07-11-08.3 - Hassmannova 2007-11-17 21:27:21.1 - NTFSx86
Running from: C:\Documents and Settings\Hassmannova\Local Settings\Temporary Internet Files\Content.IE5\5LYZ2ZD8\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\TEMP.\cache
C:\WINDOWS\TEMP.\cache\eaccelerator-1a20aec94ee8a24a00c733122a7da50e
C:\WINDOWS\TEMP.\cache\eaccelerator-25a5bcda290f74bce8d0c0d612b129b4
C:\WINDOWS\TEMP.\cache\eaccelerator-29a1327cdfc560487b4047dc7aec4efe
C:\WINDOWS\TEMP.\cache\eaccelerator-34fd1e9ab11b687ce0ac385b73d941e9
C:\WINDOWS\TEMP.\cache\eaccelerator-43842cd93cd945c763303d46b5c0fadf
C:\WINDOWS\TEMP.\cache\eaccelerator-48b19a8e3d586204ca50ed453f1b6a8e
C:\WINDOWS\TEMP.\cache\eaccelerator-5b5503392869fab6a8df62bec95a4fdd
C:\WINDOWS\TEMP.\cache\eaccelerator-71660b361e11f242445d0af240799222
C:\WINDOWS\TEMP.\cache\eaccelerator-8696f4f4681621504fe37f6aafc42e1a
C:\WINDOWS\TEMP.\cache\eaccelerator-8d2367f5756d8f5adc28af09662dc0c3
C:\WINDOWS\TEMP.\cache\eaccelerator-8e3623f574bc8dce863efc2efb7c4b91
C:\WINDOWS\TEMP.\cache\eaccelerator-b624b1350118a2b5347b49d83bd22fa2
C:\WINDOWS\TEMP.\cache\eaccelerator-b7a41ad6c37cc8ad25fa7011dbccd96a
C:\WINDOWS\TEMP.\cache\eaccelerator-b962f659491a64b6edbdaf2f46c5551d
C:\WINDOWS\TEMP.\cache\eaccelerator-f484423326116e131c593117b8cc3bbf
C:\WINDOWS\TEMP.\cache\eaccelerator-f4faabb9e33a0dbd968a332237d20c0b
C:\WINDOWS\TEMP.\cache\eaccelerator-f51007e4be581987078ff5cf14b44aa3
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-17 21:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 12:47 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-10 23:40 <DIR> d-------- C:\Program Files\DreamSoft Firewall
2007-11-06 19:34 <DIR> d-------- C:\Documents and Settings\Hassmannova\Saved Games
2007-11-06 18:32 <DIR> d-------- C:\Program Files\JewelofAtlantisTrial_at
2007-11-05 21:59 <DIR> d-------- C:\Program Files\RiseofAtlantis_at
2007-10-31 23:05 <DIR> d-------- C:\Program Files\Kyodai
2007-10-31 00:31 <DIR> d-------- C:\Program Files\2004 Mahjongg Lite 3
2007-10-30 21:05 <DIR> d-------- C:\Program Files\Oberon Media
2007-10-29 15:05 <DIR> d-------- C:\Program Files\FreeCall.com
2007-10-27 14:00 <DIR> d-------- C:\Program Files\Office-Web
2007-10-27 14:00 1,089,536 --a------ C:\WINDOWS\system32\XWheel.dll
2007-10-27 14:00 425,984 --a------ C:\WINDOWS\system32\MousePage.dll
2007-10-27 14:00 114,688 --a------ C:\WINDOWS\system32\Hook.dll
2007-10-27 14:00 25,216 --a------ C:\WINDOWS\system32\drivers\HidMouse.sys
2007-10-26 14:59 <DIR> d-------- C:\Program Files\Adam
2007-10-26 14:44 <DIR> d-------- C:\Program Files\Evil Player
2007-10-26 14:37 <DIR> d-------- C:\Program Files\smplayer
2007-10-26 14:24 <DIR> d-------- C:\Program Files\iTunes
2007-10-26 14:24 <DIR> d-------- C:\Program Files\iPod
2007-10-19 21:53 <DIR> d-------- C:\SSB2000
2007-10-19 15:23 <DIR> d-------- C:\Program Files\AgSVB_w32.100
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 20:24 --------- d-----w C:\Program Files\ICQToolbar
2007-11-17 19:17 --------- d-----w C:\Program Files\WinClamAVShield
2007-11-17 00:32 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-10 22:50 --------- d-----w C:\Program Files\Yahoo!
2007-11-10 22:45 --------- d-----w C:\Program Files\Comodo
2007-11-10 22:39 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-10 17:16 --------- d-----w C:\Program Files\ICQ6
2007-11-04 22:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 21:36 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-10-31 01:31 --------- d-----w C:\Program Files\totalcmd
2007-10-27 13:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 16:44 --------- d-----w C:\Program Files\Noční obloha
2007-10-19 18:02 --------- d-----w C:\Program Files\Diar
2007-10-16 12:16 --------- d-----w C:\Program Files\Picasa2
2007-10-04 20:44 --------- d-----w C:\Program Files\MeanCity
2007-10-04 20:44 --------- d-----w C:\Program Files\Jongi Jongo 2
2007-10-03 23:43 --------- d-----w C:\Program Files\RegCleaner
2007-10-02 23:30 --------- d-----w C:\Program Files\VV3
2007-10-02 23:30 --------- d-----w C:\Program Files\Recepty doma
2007-10-02 23:30 --------- d-----w C:\Program Files\JetMailMonitor
2007-10-02 23:30 --------- d-----w C:\Program Files\ICQ621_13_44
2007-10-02 22:56 --------- d-----w C:\Program Files\CCleaner
2007-09-30 16:39 --------- d-----w C:\Program Files\Landi 2000
2007-09-28 10:43 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2007-09-28 00:30 --------- d-----w C:\Program Files\IconTweaker
2007-09-22 16:09 --------- d-----w C:\Program Files\MSN Apps
2007-09-22 15:29 --------- d-----w C:\Program Files\Apple Software Update
2007-09-22 15:28 --------- d-----w C:\Program Files\QuickTime
2007-09-22 15:09 --------- d-----w C:\Program Files\MSN Messenger
2007-09-20 21:04 --------- d-----w C:\Program Files\Windows Live
2007-09-19 17:14 --------- d-----w C:\Program Files\IVT Corporation
2007-09-19 16:37 --------- d-----w C:\Program Files\BenQ
2007-09-03 14:28 24 ----a-w C:\skin.dat
2007-09-03 14:26 589 ----a-w C:\svideo.dat
2007-09-03 14:24 208 ----a-w C:\smp3.dat
2007-09-03 14:22 5,040 ----a-w C:\radia.dat
2007-03-05 10:34 15,076,196 ----a-w C:\Program Files\setup.dat
2007-03-05 10:33 1,085 ----a-w C:\Program Files\info.xml
2007-03-01 12:58 12,427 ----a-w C:\Program Files\setup.lng
2007-02-26 09:43 2,595,944 ----a-w C:\Program Files\setupweb.dat
2007-02-22 07:06 5,800,927 ----a-w C:\Program Files\setupav.dat
2007-02-22 07:06 4,772,154 ----a-w C:\Program Files\setupphp.dat
2007-02-22 07:06 1,084,946 ----a-w C:\Program Files\setupldap.dat
2007-02-07 11:23 3,983 ----a-w C:\Program Files\license.txt
2007-01-08 19:18 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-25 15:11 705,584 ----a-w C:\Program Files\releasenotes.txt
2006-10-07 20:14 104,465 ----a-w C:\Program Files\releasenotes_webmail.txt
2006-07-27 16:04 1,690 ----a-w C:\Program Files\INSTALL.LOG
2006-07-25 06:46 1,865 ----a-w C:\Program Files\readme.txt
2005-03-17 09:42 589 ----a-w C:\Program Files\svideo.dat
2000-12-10 08:02 301,328 ----a-w C:\Documents and Settings\Hassmannova\ALBIERO2.EXE
2000-11-24 19:41 0 ----a-w C:\Documents and Settings\Hassmannova\VLOBJEKT.DAT
2000-11-12 09:48 175 ----a-w C:\Documents and Settings\Hassmannova\METEORY.DAT
2000-08-20 18:37 22 ----a-w C:\Documents and Settings\Hassmannova\BARVY.DAT
2000-06-08 18:37 4,776 ----a-w C:\Documents and Settings\Hassmannova\RECKA3.DAT
2000-06-03 13:58 3,048 ----a-w C:\Documents and Settings\Hassmannova\RECKA2.DAT
2000-05-25 19:01 2,592 ----a-w C:\Documents and Settings\Hassmannova\POLMAGTB.DAT
2000-05-25 18:59 1,728 ----a-w C:\Documents and Settings\Hassmannova\BLOKYT_B.DAT
2000-04-12 14:18 2,592 ----a-w C:\Documents and Settings\Hassmannova\POLMAGT.DAT
2000-04-12 14:09 1,728 ----a-w C:\Documents and Settings\Hassmannova\BLOKYT.DAT
2000-03-26 10:28 70,848 ----a-w C:\Documents and Settings\Hassmannova\PROM3.DAT
2000-03-26 10:28 19,926 ----a-w C:\Documents and Settings\Hassmannova\KDEPROM3.DAT
2000-03-19 07:57 28,386 ----a-w C:\Documents and Settings\Hassmannova\TYPPROM.DAT
2000-03-15 12:33 7,854 ----a-w C:\Documents and Settings\Hassmannova\HRANSOUH.DAT
2000-03-15 12:24 21,796 ----a-w C:\Documents and Settings\Hassmannova\CONLINES.DAT
2000-03-11 09:46 17,622 ----a-w C:\Documents and Settings\Hassmannova\POSNGC.DAT
2000-03-11 08:49 55,803 ----a-w C:\Documents and Settings\Hassmannova\NGC.DAT
2000-03-11 08:49 5,738 ----a-w C:\Documents and Settings\Hassmannova\NAMENGC.DAT
2000-03-09 14:55 125,570 ----a-w C:\Documents and Settings\Hassmannova\NKDEBIN.DAT
2000-03-09 14:54 87,899 ----a-w C:\Documents and Settings\Hassmannova\NEWBIN.DAT
2000-03-09 14:54 74,135 ----a-w C:\Documents and Settings\Hassmannova\NEWB.DAT
2000-03-02 19:54 10,896 ----a-w C:\Documents and Settings\Hassmannova\NEWJMEN.DAT
2000-03-02 17:59 27,952 ----a-w C:\Documents and Settings\Hassmannova\KDEBIN.DAT
2000-03-01 18:14 43,622 ----a-w C:\Documents and Settings\Hassmannova\NEWFLAM.DAT
2000-03-01 17:54 27,306 ----a-w C:\Documents and Settings\Hassmannova\NEWREC.DAT
2000-02-27 18:23 888 ----a-w C:\Documents and Settings\Hassmannova\RECKA.DAT
2000-02-17 16:12 3,492 ----a-w C:\Documents and Settings\Hassmannova\MISTA.DAT
2000-02-17 07:54 6,048 ----a-w C:\Documents and Settings\Hassmannova\POLMAG.DAT
2000-02-16 18:14 3,455,245 ----a-w C:\Documents and Settings\Hassmannova\SAO_PRV.DAT
2000-02-16 18:13 1,272,985 ----a-w C:\Documents and Settings\Hassmannova\INFHVEZ.DAT
2000-02-16 18:12 1,728 ----a-w C:\Documents and Settings\Hassmannova\BLOKY.DAT
2000-02-11 19:25 64,350 ----a-w C:\Documents and Settings\Hassmannova\PLANETKY.DAT
2000-02-05 12:05 20,808 ----a-w C:\Documents and Settings\Hassmannova\MAR.DAT
2000-02-02 15:16 132,440 ----a-w C:\Documents and Settings\Hassmannova\SOUHVHYP.DAT
2000-02-02 12:22 23,328 ----a-w C:\Documents and Settings\Hassmannova\SAT.DAT
2000-02-02 12:13 131,072 ----a-w C:\Documents and Settings\Hassmannova\JUP.DAT
2000-02-02 11:09 259,200 ----a-w C:\Documents and Settings\Hassmannova\VEN.DAT
2000-02-02 11:07 11,628 ----a-w C:\Documents and Settings\Hassmannova\MER.DAT
1999-10-21 13:01 1,036,800 ----a-w C:\Documents and Settings\Hassmannova\MESIC.DAT
1999-01-29 06:58 880 ----a-w C:\Documents and Settings\Hassmannova\TEXTSIZE.DAT
2006-09-20 15:53:13 88 --sh--r C:\WINDOWS\system32\029F65E805.sys
2006-09-20 15:53:18 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-23 14:59]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 11:44 C:\WINDOWS\AGRSMMSG.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-28 19:12]
"DreamSoft FW"="C:\Program Files\DreamSoft Firewall\DS_FW.exe" [2004-05-15 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"=0 (0x0)
"DisableRegedit"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 Cap7134;MuchTV Plus Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys
R3 PhTVTune;MuchTV Plus TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 713xTVCard;SAA7134 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 15:29:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-05-18 15:05:56 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1154009832.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 21:34:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 21:36:27 - machine was rebooted
.
--- E O F ---
matheba
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Status: Offline