Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {05FC1F54-F0C1-41EF-8785-8AE5E079C439} - c:\windows\system32\dsprpresj.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6CDA3ECA-1886-42F4-80D1-173BC4F3527D} - C:\WINDOWS\system32\d3d9o.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: viphone communicator.lnk = C:\Program Files\viphone communicator\viphone communicator.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: sotmtpvn - C:\WINDOWS\SYSTEM32\dsprpresj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 11229 bytes
Pls check my log. Thanks
- bellatrix
Fix in HJT:
O2 - BHO: (no name) - {05FC1F54-F0C1-41EF-8785-8AE5E079C439} - c:\windows\system32\dsprpresj.dll
O2 - BHO: (no name) - {6CDA3ECA-1886-42F4-80D1-173BC4F3527D} - C:\WINDOWS\system32\d3d9o.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: sotmtpvn - C:\WINDOWS\SYSTEM32\dsprpresj.dll
+ install a firewall
After the restart, post a new HijackThis log, including the header.
*´¨)
¸.•´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•If everything is going according to plan, a mistake has been made somewhere..
MWAV || Killbox || Avenger|| SmitFraudFix || SDFix
Please check my log (my internet is slowing down). Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:30:49, on 4.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {05FC1F54-F0C1-41EF-8785-8AE5E079C439} - c:\windows\system32\dsprpresj.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6CDA3ECA-1886-42F4-80D1-173BC4F3527D} - C:\WINDOWS\system32\d3d9o.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: viphone communicator.lnk = C:\Program Files\viphone communicator\viphone communicator.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://ols.o2active.cz/scanner/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: sotmtpvn - C:\WINDOWS\SYSTEM32\dsprpresj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
--
End of file - 12000 bytes
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: sotmtpvn - C:\WINDOWS\SYSTEM32\dsprpresj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
--
End of file - 12000 bytes
So the fix didn't help. Follow the SDFix procedure from this page: http://www.paul27.ic.cz/navody.html
then paste the log it produces and a new HijackThis log.
- fredik
- Security team member
Don't run SDFix; post the log from this instead:
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
- newbie
Please check the log, thanks.
ComboFix 08-01-04.1 - Fanda 2008-01-06 3:33:42.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.406 [GMT 1:00]
Running from: C:\Downloads\Software\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dsprpresj.dll . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-06 03:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 13:39 . 2008-01-03 13:41 <DIR> d-------- C:\Program Files\Shadowgrounds
2008-01-03 02:55 . 2008-01-03 10:15 <DIR> d-------- C:\Program Files\ThreatFire
2008-01-03 02:55 . 2007-12-20 11:13 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-03 01:38 . 2008-01-03 01:38 <DIR> d-------- C:\Program Files\Crawler
2008-01-03 00:58 . 2008-01-03 00:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-03 00:57 . 2008-01-03 00:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 13:36 . 2008-01-02 13:36 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-01-02 13:36 . 2008-01-02 13:36 741,632 --a------ C:\WINDOWS\system32\uqdrgeyi.dat
2008-01-02 13:36 . 2008-01-02 13:36 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-01-02 13:36 . 2008-01-02 13:36 42,240 --a------ C:\WINDOWS\system32\geakzivi.dat
2008-01-02 13:36 . 2008-01-02 13:36 36,096 --a------ C:\WINDOWS\system32\nqvxnufe.dat
2008-01-02 13:36 . 2008-01-02 13:36 35,072 --a------ C:\WINDOWS\system32\yllathzu.dat
2008-01-02 01:59 . 2008-01-02 01:59 <DIR> d-------- C:\Program Files\ImgBurn
2008-01-02 01:56 . 2008-01-02 01:56 <DIR> d-------- C:\Uninstall
2008-01-01 18:49 . 2008-01-01 18:49 <DIR> d-------- C:\Program Files\Zoner
2008-01-01 13:28 . 2008-01-01 13:28 120,576 --a------ C:\WINDOWS\system32\wkpcxouw.dat
2008-01-01 13:21 . 2004-08-17 14:48 83,968 --a------ C:\WINDOWS\system32\dsprpresj.dll
2008-01-01 13:21 . 19,584 C:\WINDOWS\system32\drivers\inkadhef.dat
2008-01-01 13:20 . 2004-08-17 14:49 84,992 --a------ C:\WINDOWS\system32\d3d9o.dll
2008-01-01 02:50 . 2008-01-03 02:51 <DIR> d-------- C:\Downloads
2007-12-31 09:43 . 2004-08-17 15:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-31 09:43 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-31 00:16 . 2007-12-31 00:16 <DIR> d-------- C:\Program Files\Free Download Manager
2007-12-31 00:15 . 2007-12-31 00:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-30 23:57 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 23:56 . 2007-12-30 23:57 <DIR> d-------- C:\Program Files\Java
2007-12-30 23:56 . 2007-12-30 23:56 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-30 23:00 . 2007-12-30 23:00 <DIR> d-------- C:\Program Files\Registry Repair
2007-12-30 22:10 . 2008-01-02 01:35 1,834 --a------ C:\WINDOWS\CDPLAYER.UNI
2007-12-30 22:06 . 2007-12-30 22:06 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11
2007-12-30 22:06 . 2007-12-30 22:06 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2007-12-24 22:13 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-23 14:34 . 2007-12-23 14:34 <DIR> d-------- C:\Program Files\viphone communicator
2007-12-23 14:34 . 2006-11-07 17:22 1,531,904 --a------ C:\WINDOWS\system32\EMIpp.dll
2007-12-23 14:34 . 2006-11-07 17:22 1,441,792 --a------ C:\WINDOWS\system32\EMSipAx.ocx
2007-12-23 14:34 . 2006-11-07 17:22 1,089,536 --a------ C:\WINDOWS\system32\EMSSip.dll
2007-12-23 14:34 . 2006-11-07 17:22 405,504 --a------ C:\WINDOWS\system32\EMHidHandset.dll
2007-12-23 14:34 . 2006-11-07 17:22 356,352 --a------ C:\WINDOWS\system32\EMLSip.dll
2007-12-23 14:34 . 2006-11-07 17:22 307,200 --a------ C:\WINDOWS\system32\EMHandsetManager.dll
2007-12-23 14:34 . 2006-11-07 17:22 286,720 --a------ C:\WINDOWS\system32\EMTJNetHandset.dll
2007-12-23 14:34 . 2006-11-07 17:22 258,048 --a------ C:\WINDOWS\system32\EMPlugInManager.dll
2007-12-23 14:34 . 2006-11-07 17:22 212,992 --a------ C:\WINDOWS\system32\TjIpSys.dll
2007-12-23 14:34 . 2006-11-07 17:22 188,416 --a------ C:\WINDOWS\system32\EMRSip.dll
2007-12-21 17:00 . 2007-12-21 17:00 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-12-21 17:00 . 2007-12-21 17:02 <DIR> d-------- C:\Program Files\Canon
2007-12-18 16:43 . 2007-12-18 16:44 <DIR> d-------- C:\totalcmd
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\UC.PIF
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-18 16:43 . 2007-05-03 07:00 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-18 16:43 . 2008-01-02 01:46 384 --a------ C:\WINDOWS\wincmd.ini
2007-12-15 14:36 . 2007-12-15 14:36 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-10 21:00 . 2007-12-14 21:49 <DIR> d-------- C:\Temp
2007-12-10 20:39 . 2007-12-10 20:39 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-10 20:39 . 2007-12-16 14:08 <DIR> d-------- C:\Program Files\ICQLite
2007-12-10 16:57 . 2007-12-10 16:57 <DIR> d-------- C:\Program Files\COMODO
2007-12-10 16:57 . 2007-12-10 16:57 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2007-12-10 16:21 . 2007-12-10 16:21 24 ---hs---- C:\WINDOWS\S5A46C5E6.tmp
2007-12-10 16:20 . 2007-12-10 16:20 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-12-10 15:38 . 2007-12-10 15:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-10 15:23 . 2007-12-10 15:23 <DIR> d-------- C:\Program Files\CCleaner
2007-12-10 15:19 . 2007-11-26 15:31 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2007-12-10 15:19 . 2007-11-26 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-12-10 15:19 . 2007-11-26 16:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2007-12-10 15:19 . 2007-11-26 16:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2007-12-10 15:19 . 2007-12-10 15:19 <DIR> dr------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2007-12-10 15:19 . 2007-11-26 16:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2007-12-10 15:19 . 2007-12-10 15:19 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2007-12-10 15:19 . 2007-12-10 15:19 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2007-12-10 15:19 . 2004-08-17 14:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-10 14:49 . 2007-12-10 14:50 <DIR> d-------- C:\Program Files\Rally Championship Xtreme
2007-12-09 14:29 . 2007-12-09 14:29 <DIR> d-------- C:\Program Files\ICQ6
2007-12-09 12:54 . 2007-12-09 12:54 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-09 12:53 . 2007-12-09 12:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-09 12:42 . 2007-12-09 12:42 <DIR> d-------- C:\Program Files\Skype
2007-12-09 12:42 . 2007-12-09 12:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-09 12:39 . 2007-12-09 12:39 <DIR> d-------- C:\Program Files\FreeCall.com
2007-12-08 11:42 . 2007-12-08 11:42 20 --a------ C:\WINDOWS\level.ini
2007-12-08 10:44 . 2007-12-08 10:44 <DIR> d-------- C:\Program Files\Eidos Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 21:01 --------- d-----w C:\Program Files\eMule
2008-01-02 00:44 --------- d-----w C:\Program Files\Ashampoo
2007-12-30 07:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 10:26 --------- d-----w C:\Program Files\Google
2007-12-01 16:38 --------- d-----w C:\Program Files\AML Products
2007-12-01 13:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 13:00 --------- d-----w C:\Program Files\Samsung
2007-11-30 23:46 --------- d-----w C:\Program Files\PrivacyEraser Computing
2007-11-29 05:59 --------- d-----w C:\Program Files\GRETECH
2007-11-29 05:40 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-11-29 05:40 --------- d-----w C:\Program Files\AVSMedia
2007-11-28 05:52 --------- d-----w C:\Program Files\Lavalys
2007-11-27 08:46 --------- d-----w C:\Program Files\epson
2007-11-27 06:14 --------- d-----w C:\Program Files\Xvid
2007-11-27 06:14 --------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-11-27 05:57 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-27 05:55 --------- d-----w C:\Program Files\VideoLAN
2007-11-26 15:18 --------- d-----w C:\Program Files\uTorrent
2007-11-26 15:13 --------- d-----w C:\Program Files\Microsoft Works
2007-11-26 15:12 --------- d-----w C:\Program Files\MSBuild
2007-11-26 15:12 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-26 15:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-26 15:03 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-26 15:01 --------- d-----w C:\Program Files\Nero
2007-11-26 14:57 --------- d-----w C:\Program Files\Alwil Software
2007-11-26 14:53 --------- d-----w C:\Program Files\ATI Technologies
2007-11-26 14:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-26 14:51 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-11-26 14:44 --------- d-----w C:\Program Files\Driver
2007-11-26 14:41 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-26 14:41 --------- d-----w C:\Program Files\Realtek
2007-11-26 14:35 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05FC1F54-F0C1-41EF-8785-8AE5E079C439}]
2004-08-17 14:48 83968 --a------ c:\windows\system32\dsprpresj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CDA3ECA-1886-42F4-80D1-173BC4F3527D}]
2004-08-17 14:49 84992 --a------ C:\WINDOWS\system32\d3d9o.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-02 09:40 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45 23120680]
"FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [2007-04-17 14:28 7247408]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-10-28 21:49 2445359]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 19:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:58 1667584]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 21:20 1115728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sotmtpvn]
dsprpresj.dll 2004-08-17 14:48 83968 C:\WINDOWS\system32\dsprpresj.dll
R0 nehocgxp;nehocgxp;C:\WINDOWS\system32\drivers\inkadhef.dat []
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 07:23]
R3 mssmbios;Ovladač Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2004-08-17 14:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S2 waufpnmp;Microsoft UAA Bus for High Definition AudioMonitor;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
waufpnmp
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 03:37:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 3:38:41 - machine was rebooted [Fanda]
ComboFix-quarantined-files.txt 2008-01-06 02:38:38
- fredik
- Security team member
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Driver::
nehocgxp
File::
C:\WINDOWS\system32\dsprpresj.dll
C:\WINDOWS\system32\drivers\inkadhef.dat
C:\WINDOWS\system32\d3d9o.dll
DirLook::
C:\Temp
C:\WINDOWS\S5A46C5E6.tmp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05FC1F54-F0C1-41EF-8785-8AE5E079C439}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CDA3ECA-1886-42F4-80D1-173BC4F3527D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sotmtpvn]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
********************************************************************************************************
Test these two files on VirusTotal and post the results here:
C:\WINDOWS\system32\wkpcxouw.dat
C:\WINDOWS\system32\nqvxnufe.dat