Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:42, on 11.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5253 bytes
kontrolu prosiim
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
stáhni si killbox
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\system32\amvo.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu
po restartu pošli nový log z HJT
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
stáhni si killbox
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\system32\amvo.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu
po restartu pošli nový log z HJT
tak som som to fixol ale mam problem ze ten killbox mi jednoducho nejde otvorit ked ho rozbalim a chcem otvorit tak mi vypisuje nejaku chybu ze mi chyba nejaky subor alebo co .tak soom aj s ich www stranky to chcel stiahnut a stalo sa to iste . tak posielam aspon ten log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:27, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4962 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:27, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4962 bytes
//připojeno k původnímu tématu, vyskytl se další problém.
fredik
Dobry den
mam taky dost velky problem s tymto virusomWin32/Pacex.gen .Zapol som notebook a internet a zrazu mi nod 32 zacal vyhadzovat viry ako na beziacom pase ked jeden dam do karanteny tak vybehne druhy a tak sa to stale opakuje. prosiiim ak niekto pozna tento problem dajte mi nejaku radu.
tak tu je ten log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:27, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4962 bytes
fredik
Dobry den
mam taky dost velky problem s tymto virusomWin32/Pacex.gen .Zapol som notebook a internet a zrazu mi nod 32 zacal vyhadzovat viry ako na beziacom pase ked jeden dam do karanteny tak vybehne druhy a tak sa to stale opakuje. prosiiim ak niekto pozna tento problem dajte mi nejaku radu.
tak tu je ten log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:27, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4962 bytes
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
tak som to spravil a tu je vysledok
ComboFix 08-01-14.4 - hp 2008-01-14 20:24:53.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.477 [GMT 1:00]
Running from: C:\Documents and Settings\hp\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 20:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 21:59 . 2008-01-08 21:59 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-08 21:36 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-08 21:34 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-08 21:25 . 2008-01-13 11:00 <DIR> d-------- C:\Documents and Settings\hp\Application Data\Spyware Terminator
2008-01-08 21:25 . 2008-01-08 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-08 16:42 . 2008-01-09 00:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 16:42 . 2008-01-08 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2007-12-26 23:52 . 2007-12-26 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-26 23:29 . 2007-12-26 23:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-26 23:24 . 2007-12-26 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 23:24 . 2007-12-26 23:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:22 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-26 23:21 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-26 18:23 . 2007-12-26 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 13:18 . 2008-01-13 17:32 <DIR> d-------- C:\Documents and Settings\hp\Application Data\U3
2007-12-21 11:54 . 2007-12-21 11:54 <DIR> d-------- C:\Documents and Settings\hp\Application Data\NCH Swift Sound
2007-12-21 11:53 . 2007-12-21 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:53 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\NCH Software
2007-12-21 10:50 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\AltoMP3 Maker
2007-12-14 23:50 . 2007-12-14 23:49 684,377 --a------ C:\WINDOWS\unins000.exe
2007-12-14 23:50 . 2007-12-14 23:50 3,445 --a------ C:\WINDOWS\unins000.dat
2007-12-14 23:24 . 2007-12-14 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-14 23:24 . 2007-12-14 23:24 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-14 23:24 . 2007-12-14 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:24 . 2007-12-14 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 23:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 20:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 18:33 --------- d-----w C:\Program Files\Crawler
2007-12-21 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-21 10:52 --------- d-----w C:\Program Files\NCH Software
2007-12-19 19:11 --------- d-----w C:\Documents and Settings\hp\Application Data\Skype
2007-12-11 08:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-30 19:06 --------- d-----w C:\Program Files\Ace Utilities
2007-11-20 17:17 --------- d-----w C:\Program Files\Samplitude_V8_professional
2007-11-17 13:46 --------- d-----w C:\Documents and Settings\hp\Application Data\Syntrillium
2007-11-17 13:44 --------- d-----w C:\Program Files\coolpro2
2007-11-14 17:45 --------- d-----w C:\Documents and Settings\hp\Application Data\MAGIX
2007-11-13 16:39 23,876,904 ----a-w C:\SkypeSetup.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 17:48 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 08:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 23:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 19:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 19:58 86016]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 14:13 472776]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-31 18:48 917504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-08 21:34 2834432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-09-13 13:51:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-27 13:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 19:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2004-07-14 14:36 57344 C:\WINDOWS\system32\ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 19:58 1519616 C:\WINDOWS\system32\nwiz.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-08 21:59]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 22:49]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b0a657-61f5-11dc-b88a-9966d0c157d8}]
\Shell\AutoRun\command - SWSETUP\APPINSTL\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ece-b2e3-11dc-b999-0016366cd665}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ecf-b2e3-11dc-b999-0016366cd665}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b08b3a62-637c-11dc-b892-0016366cd665}]
\Shell\AutoRun\command - E:\d.com
\Shell\explore\Command - E:\d.com
\Shell\open\Command - E:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee781d64-7b27-11dc-b8b0-0016366cd665}]
\Shell\AutoRun\command - E:\u.bat
\Shell\explore\Command - E:\u.bat
\Shell\open\Command - E:\u.bat
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 13:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:27:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-14 20:28:14
ComboFix-quarantined-files.txt 2008-01-14 19:28:12
.
ComboFix 08-01-14.4 - hp 2008-01-14 20:24:53.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.477 [GMT 1:00]
Running from: C:\Documents and Settings\hp\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 20:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 21:59 . 2008-01-08 21:59 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-08 21:36 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-08 21:34 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-08 21:25 . 2008-01-13 11:00 <DIR> d-------- C:\Documents and Settings\hp\Application Data\Spyware Terminator
2008-01-08 21:25 . 2008-01-08 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-08 16:42 . 2008-01-09 00:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 16:42 . 2008-01-08 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2007-12-26 23:52 . 2007-12-26 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-26 23:29 . 2007-12-26 23:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-26 23:24 . 2007-12-26 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 23:24 . 2007-12-26 23:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:22 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-26 23:21 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-26 18:23 . 2007-12-26 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 13:18 . 2008-01-13 17:32 <DIR> d-------- C:\Documents and Settings\hp\Application Data\U3
2007-12-21 11:54 . 2007-12-21 11:54 <DIR> d-------- C:\Documents and Settings\hp\Application Data\NCH Swift Sound
2007-12-21 11:53 . 2007-12-21 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:53 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\NCH Software
2007-12-21 10:50 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\AltoMP3 Maker
2007-12-14 23:50 . 2007-12-14 23:49 684,377 --a------ C:\WINDOWS\unins000.exe
2007-12-14 23:50 . 2007-12-14 23:50 3,445 --a------ C:\WINDOWS\unins000.dat
2007-12-14 23:24 . 2007-12-14 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-14 23:24 . 2007-12-14 23:24 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-14 23:24 . 2007-12-14 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:24 . 2007-12-14 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 23:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 20:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 18:33 --------- d-----w C:\Program Files\Crawler
2007-12-21 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-21 10:52 --------- d-----w C:\Program Files\NCH Software
2007-12-19 19:11 --------- d-----w C:\Documents and Settings\hp\Application Data\Skype
2007-12-11 08:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-30 19:06 --------- d-----w C:\Program Files\Ace Utilities
2007-11-20 17:17 --------- d-----w C:\Program Files\Samplitude_V8_professional
2007-11-17 13:46 --------- d-----w C:\Documents and Settings\hp\Application Data\Syntrillium
2007-11-17 13:44 --------- d-----w C:\Program Files\coolpro2
2007-11-14 17:45 --------- d-----w C:\Documents and Settings\hp\Application Data\MAGIX
2007-11-13 16:39 23,876,904 ----a-w C:\SkypeSetup.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 17:48 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 08:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 23:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 19:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 19:58 86016]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 14:13 472776]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-31 18:48 917504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-08 21:34 2834432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-09-13 13:51:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-27 13:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 19:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2004-07-14 14:36 57344 C:\WINDOWS\system32\ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 19:58 1519616 C:\WINDOWS\system32\nwiz.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-08 21:59]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 22:49]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b0a657-61f5-11dc-b88a-9966d0c157d8}]
\Shell\AutoRun\command - SWSETUP\APPINSTL\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ece-b2e3-11dc-b999-0016366cd665}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ecf-b2e3-11dc-b999-0016366cd665}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b08b3a62-637c-11dc-b892-0016366cd665}]
\Shell\AutoRun\command - E:\d.com
\Shell\explore\Command - E:\d.com
\Shell\open\Command - E:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee781d64-7b27-11dc-b8b0-0016366cd665}]
\Shell\AutoRun\command - E:\u.bat
\Shell\explore\Command - E:\u.bat
\Shell\open\Command - E:\u.bat
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 13:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:27:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-14 20:28:14
ComboFix-quarantined-files.txt 2008-01-14 19:28:12
.
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Vezmi flešku a připoj ji k PC.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni tento program: Flash Disinfector (by sUBs) a spusť ho.
Po proběhnutí programu ji můžeš odpojit.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
V následujícím příspěvku sem vlož tyto logy/výsledky:
- log z Comobifx po použití skriptu
- nový log z HJT
Kde ti nod hlásí ty viry?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Kód: Vybrat vše
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ecf-b2e3-11dc-b999-0016366cd665}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b08b3a62-637c-11dc-b892-0016366cd665}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee781d64-7b27-11dc-b8b0-0016366cd665}]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni tento program: Flash Disinfector (by sUBs) a spusť ho.
Po proběhnutí programu ji můžeš odpojit.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
V následujícím příspěvku sem vlož tyto logy/výsledky:
- log z Comobifx po použití skriptu
- nový log z HJT
Kde ti nod hlásí ty viry?
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
tak tu su vysledky
ComboFix 08-01-14.4 - hp 2008-01-16 18:33:19.3 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.577 [GMT 1:00]
Running from: C:\Documents and Settings\hp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\hp\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-14 20:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 21:59 . 2008-01-08 21:59 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-08 21:36 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-08 21:34 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-08 21:25 . 2008-01-13 11:00 <DIR> d-------- C:\Documents and Settings\hp\Application Data\Spyware Terminator
2008-01-08 21:25 . 2008-01-08 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-08 16:42 . 2008-01-09 00:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 16:42 . 2008-01-08 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2007-12-26 23:52 . 2007-12-26 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-26 23:29 . 2007-12-26 23:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-26 23:24 . 2007-12-26 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 23:24 . 2007-12-26 23:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:22 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-26 23:21 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-26 18:23 . 2007-12-26 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 13:18 . 2008-01-13 17:32 <DIR> d-------- C:\Documents and Settings\hp\Application Data\U3
2007-12-21 11:54 . 2007-12-21 11:54 <DIR> d-------- C:\Documents and Settings\hp\Application Data\NCH Swift Sound
2007-12-21 11:53 . 2007-12-21 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:53 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\NCH Software
2007-12-21 10:50 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\AltoMP3 Maker
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 23:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 20:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 18:33 --------- d-----w C:\Program Files\Crawler
2007-12-21 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-21 10:52 --------- d-----w C:\Program Files\NCH Software
2007-12-19 19:11 --------- d-----w C:\Documents and Settings\hp\Application Data\Skype
2007-12-14 22:49 684,377 ----a-w C:\WINDOWS\unins000.exe
2007-12-14 22:25 --------- d-----w C:\Program Files\QuickTime
2007-12-14 22:24 --------- d-----w C:\Program Files\Apple Software Update
2007-12-14 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 08:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-30 19:06 --------- d-----w C:\Program Files\Ace Utilities
2007-11-20 17:17 --------- d-----w C:\Program Files\Samplitude_V8_professional
2007-11-17 13:46 --------- d-----w C:\Documents and Settings\hp\Application Data\Syntrillium
2007-11-17 13:44 --------- d-----w C:\Program Files\coolpro2
2007-11-13 16:39 23,876,904 ----a-w C:\SkypeSetup.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 17:48 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 08:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-14_20.27.57.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 19:23:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 17:33:02 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 19:23:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 17:33:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 19:23:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 17:33:02 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 19:23:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 17:33:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 19:23:05 4,411,392 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 17:33:02 4,427,776 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-14 19:23:05 45,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 17:33:02 45,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 23:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 19:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 19:58 86016]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 14:13 472776]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-31 18:48 917504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-08 21:34 2834432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-09-13 13:51:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-27 13:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 19:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2004-07-14 14:36 57344 C:\WINDOWS\system32\ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 19:58 1519616 C:\WINDOWS\system32\nwiz.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-08 21:59]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 22:49]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b0a657-61f5-11dc-b88a-9966d0c157d8}]
\Shell\AutoRun\command - SWSETUP\APPINSTL\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ece-b2e3-11dc-b999-0016366cd665}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 13:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 18:35:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-16 18:36:20
ComboFix-quarantined-files.txt 2008-01-16 17:36:18
ComboFix2.txt 2008-01-14 19:28:15
.
2008-01-09 11:14:15 --- E O F ---
hijackthis log tu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:11, on 16.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5066 bytes
ComboFix 08-01-14.4 - hp 2008-01-16 18:33:19.3 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.577 [GMT 1:00]
Running from: C:\Documents and Settings\hp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\hp\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-14 20:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 21:59 . 2008-01-08 21:59 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-08 21:36 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-08 21:34 . 2008-01-08 22:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-08 21:25 . 2008-01-13 11:00 <DIR> d-------- C:\Documents and Settings\hp\Application Data\Spyware Terminator
2008-01-08 21:25 . 2008-01-08 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-08 16:42 . 2008-01-09 00:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 16:42 . 2008-01-08 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 23:52 . 2008-01-08 21:25 <DIR> d-------- C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2007-12-26 23:52 . 2007-12-26 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-26 23:29 . 2007-12-26 23:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-26 23:24 . 2007-12-26 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 23:24 . 2007-12-26 23:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:22 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-26 23:21 . 2008-01-03 20:07 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-26 18:23 . 2007-12-26 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 13:18 . 2008-01-13 17:32 <DIR> d-------- C:\Documents and Settings\hp\Application Data\U3
2007-12-21 11:54 . 2007-12-21 11:54 <DIR> d-------- C:\Documents and Settings\hp\Application Data\NCH Swift Sound
2007-12-21 11:53 . 2007-12-21 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:53 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-12-21 11:52 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\NCH Software
2007-12-21 10:50 . 2007-12-21 11:52 <DIR> d-------- C:\Program Files\AltoMP3 Maker
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 23:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 20:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 18:33 --------- d-----w C:\Program Files\Crawler
2007-12-21 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-21 10:52 --------- d-----w C:\Program Files\NCH Software
2007-12-19 19:11 --------- d-----w C:\Documents and Settings\hp\Application Data\Skype
2007-12-14 22:49 684,377 ----a-w C:\WINDOWS\unins000.exe
2007-12-14 22:25 --------- d-----w C:\Program Files\QuickTime
2007-12-14 22:24 --------- d-----w C:\Program Files\Apple Software Update
2007-12-14 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 08:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-30 19:06 --------- d-----w C:\Program Files\Ace Utilities
2007-11-20 17:17 --------- d-----w C:\Program Files\Samplitude_V8_professional
2007-11-17 13:46 --------- d-----w C:\Documents and Settings\hp\Application Data\Syntrillium
2007-11-17 13:44 --------- d-----w C:\Program Files\coolpro2
2007-11-13 16:39 23,876,904 ----a-w C:\SkypeSetup.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 17:48 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 08:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-14_20.27.57.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 19:23:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 17:33:02 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 19:23:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 17:33:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 19:23:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 17:33:02 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 19:23:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 17:33:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 19:23:05 4,411,392 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 17:33:02 4,427,776 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-14 19:23:05 45,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 17:33:02 45,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 23:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 19:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 19:58 86016]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 14:13 472776]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-31 18:48 917504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-08 21:34 2834432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-09-13 13:51:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-27 13:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 19:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2004-07-14 14:36 57344 C:\WINDOWS\system32\ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 19:58 1519616 C:\WINDOWS\system32\nwiz.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-08 21:59]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 22:49]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b0a657-61f5-11dc-b88a-9966d0c157d8}]
\Shell\AutoRun\command - SWSETUP\APPINSTL\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85263ece-b2e3-11dc-b999-0016366cd665}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 13:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 18:35:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-16 18:36:20
ComboFix-quarantined-files.txt 2008-01-16 17:36:18
ComboFix2.txt 2008-01-14 19:28:15
.
2008-01-09 11:14:15 --- E O F ---
hijackthis log tu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:11, on 16.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5066 bytes
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.
Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině
Máš ještě problémy?
Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině
Máš ještě problémy?
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 90 hostů