Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:37, on 12.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Total Commder\TOTALCMD.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\DOCUME~1\skala\LOCALS~1\Temp\_tc2\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program
Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware
Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFortunes.lnk = E:\Program Files\WinFortunes\winfortunes.exe
O4 - Startup: ST6UNST Uninstaller.LNK = ?
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0
CE\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel -
res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - E:\Program Files\Xi\NetTransport
2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - E:\Program
Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Uložit formuláře - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - Winlogon Notify: acecdbcdeaeefe - E:\WINDOWS\system32\acecdbcdeaeefe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: UPC SmartGuard (BackWeb Plug-in - 3371068) - Unknown owner -
E:\PROGRA~1\UPCSMA~1\backweb\3371068\Program\SERVIC~1.EXE (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program
Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program
Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - E:\Program
Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program
Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7634 bytes
prosím o kontrolu logu
Zdravím. Na této stránce http://www.paul27.ic.cz/navody.html je návod na SDFix, tak ho udělej a pošli nám log + nový HijackThis.
SDFix: Version 1.156
Run by Administrator on st 12. 03. 2008 at 12:12
Microsoft Windows XP [Verze 5.1.2600]
Running From: E:\SDFIXXX
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 12:21:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\PROGRAMY\\Strong DC++\\StrongDC.exe"="G:\\PROGRAMY\\Strong DC++\\StrongDC.exe:*:Enabled:StrongDC++"
"G:\\PROGRAMY\\miranda honza\\miranda\\miranda32.exe"="G:\\PROGRAMY\\miranda honza\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"e:\\windows\\system32\\systemnt26.exe"="e:\\windows\\system32\\systemnt26.exe:*:Enabled:systemnt26"
"E:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="E:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"F:\\PROGRAMKY\\utorrent.exe"="F:\\PROGRAMKY\\utorrent.exe:*:Enabled:uTorrent"
"E:\\Documents and Settings\\SKALA\\Plocha\\utorrent.exe"="E:\\Documents and Settings\\SKALA\\Plocha\\utorrent.exe:*:Enabled:uTorrent"
"E:\\WINDOWS\\TEMP\\win2377.tmp.exe"="E:\\WINDOWS\\TEMP\\win2377.tmp.exe:*:Enabled:win2377.tmp"
"E:\\WINDOWS\\TEMP\\win3DD3.tmp.exe"="E:\\WINDOWS\\TEMP\\win3DD3.tmp.exe:*:Enabled:win3DD3.tmp"
"E:\\WINDOWS\\TEMP\\win6112.tmp.exe"="E:\\WINDOWS\\TEMP\\win6112.tmp.exe:*:Enabled:win6112.tmp"
"e:\\windows\\system32\\rlvknlg.exe"="e:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"E:\\WINDOWS\\TEMP\\win673F.tmp.exe"="E:\\WINDOWS\\TEMP\\win673F.tmp.exe:*:Enabled:win673F.tmp"
"E:\\WINDOWS\\TEMP\\win6A44.tmp.exe"="E:\\WINDOWS\\TEMP\\win6A44.tmp.exe:*:Enabled:win6A44.tmp"
"E:\\WINDOWS\\TEMP\\win6764.tmp.exe"="E:\\WINDOWS\\TEMP\\win6764.tmp.exe:*:Enabled:win6764.tmp"
"E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe"="E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe:*:Enabled:UPC SmartGuard"
"E:\\Program Files\\Strong DC++\\StrongDC.exe"="E:\\Program Files\\Strong DC++\\StrongDC.exe:*:Enabled:StrongDC++"
"E:\\Program Files\\michal mir\\miranda32.exe"="E:\\Program Files\\michal mir\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Program Files\\Sunbelt Software\\Personal Firewall\\KPF4GUI.EXE"="E:\\Program Files\\Sunbelt Software\\Personal Firewall\\KPF4GUI.EXE:*:Enabled:Sunbelt Kerio Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe"="E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe:*:Enabled:UPC SmartGuard"
Remaining Files :
File Backups: - E:\SDFIXXX\backups\backups.zip
Files with Hidden Attributes :
Mon 6 Aug 2007 1,123,200 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT4A8.tmp"
Finished!
====================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:29, on 12.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Strong DC++\StrongDC.exe
E:\Program Files\Total Commder\TOTALCMD.EXE
E:\PROGRA~1\MOZILL~1\firefox.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
\?\E:\WINDOWS\system32\WBEM\WMIADAP.EXE
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
E:\DOCUME~1\skala\LOCALS~1\Temp\_tc1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFortunes.lnk = E:\Program Files\WinFortunes\winfortunes.exe
O4 - Startup: ST6UNST Uninstaller.LNK = ?
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Uložit formuláře - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - Winlogon Notify: acecdbcdeaeefe - E:\WINDOWS\system32\acecdbcdeaeefe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: UPC SmartGuard (BackWeb Plug-in - 3371068) - Unknown owner - E:\PROGRA~1\UPCSMA~1\backweb\3371068\Program\SERVIC~1.EXE (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - E:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7819 bytes
Run by Administrator on st 12. 03. 2008 at 12:12
Microsoft Windows XP [Verze 5.1.2600]
Running From: E:\SDFIXXX
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 12:21:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\PROGRAMY\\Strong DC++\\StrongDC.exe"="G:\\PROGRAMY\\Strong DC++\\StrongDC.exe:*:Enabled:StrongDC++"
"G:\\PROGRAMY\\miranda honza\\miranda\\miranda32.exe"="G:\\PROGRAMY\\miranda honza\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"e:\\windows\\system32\\systemnt26.exe"="e:\\windows\\system32\\systemnt26.exe:*:Enabled:systemnt26"
"E:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="E:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"F:\\PROGRAMKY\\utorrent.exe"="F:\\PROGRAMKY\\utorrent.exe:*:Enabled:uTorrent"
"E:\\Documents and Settings\\SKALA\\Plocha\\utorrent.exe"="E:\\Documents and Settings\\SKALA\\Plocha\\utorrent.exe:*:Enabled:uTorrent"
"E:\\WINDOWS\\TEMP\\win2377.tmp.exe"="E:\\WINDOWS\\TEMP\\win2377.tmp.exe:*:Enabled:win2377.tmp"
"E:\\WINDOWS\\TEMP\\win3DD3.tmp.exe"="E:\\WINDOWS\\TEMP\\win3DD3.tmp.exe:*:Enabled:win3DD3.tmp"
"E:\\WINDOWS\\TEMP\\win6112.tmp.exe"="E:\\WINDOWS\\TEMP\\win6112.tmp.exe:*:Enabled:win6112.tmp"
"e:\\windows\\system32\\rlvknlg.exe"="e:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"E:\\WINDOWS\\TEMP\\win673F.tmp.exe"="E:\\WINDOWS\\TEMP\\win673F.tmp.exe:*:Enabled:win673F.tmp"
"E:\\WINDOWS\\TEMP\\win6A44.tmp.exe"="E:\\WINDOWS\\TEMP\\win6A44.tmp.exe:*:Enabled:win6A44.tmp"
"E:\\WINDOWS\\TEMP\\win6764.tmp.exe"="E:\\WINDOWS\\TEMP\\win6764.tmp.exe:*:Enabled:win6764.tmp"
"E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe"="E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe:*:Enabled:UPC SmartGuard"
"E:\\Program Files\\Strong DC++\\StrongDC.exe"="E:\\Program Files\\Strong DC++\\StrongDC.exe:*:Enabled:StrongDC++"
"E:\\Program Files\\michal mir\\miranda32.exe"="E:\\Program Files\\michal mir\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Program Files\\Sunbelt Software\\Personal Firewall\\KPF4GUI.EXE"="E:\\Program Files\\Sunbelt Software\\Personal Firewall\\KPF4GUI.EXE:*:Enabled:Sunbelt Kerio Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe"="E:\\Program Files\\UPCSmartGuard\\backweb\\3371068\\Program\\fspex.exe:*:Enabled:UPC SmartGuard"
Remaining Files :
File Backups: - E:\SDFIXXX\backups\backups.zip
Files with Hidden Attributes :
Mon 6 Aug 2007 1,123,200 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT4A8.tmp"
Finished!
====================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:29, on 12.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Strong DC++\StrongDC.exe
E:\Program Files\Total Commder\TOTALCMD.EXE
E:\PROGRA~1\MOZILL~1\firefox.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
\?\E:\WINDOWS\system32\WBEM\WMIADAP.EXE
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
E:\DOCUME~1\skala\LOCALS~1\Temp\_tc1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFortunes.lnk = E:\Program Files\WinFortunes\winfortunes.exe
O4 - Startup: ST6UNST Uninstaller.LNK = ?
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Uložit formuláře - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - Winlogon Notify: acecdbcdeaeefe - E:\WINDOWS\system32\acecdbcdeaeefe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: UPC SmartGuard (BackWeb Plug-in - 3371068) - Unknown owner - E:\PROGRA~1\UPCSMA~1\backweb\3371068\Program\SERVIC~1.EXE (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - E:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7819 bytes
Tohle nechte prosím zkontrolovat na http://www.virustotal.com:
E:\WINDOWS\system32\acecdbcdeaeefe.dll
Vypněte ClamAV u Spyware Terminatora, to je ochrana proti virům, na to už ale máte Avast.
E:\WINDOWS\system32\acecdbcdeaeefe.dll
Vypněte ClamAV u Spyware Terminatora, to je ochrana proti virům, na to už ale máte Avast.
Podle tohoto návodu (smazání souboru typu .dll): http://www.paul27.ic.cz/navody_2.html#kil smažte E:\WINDOWS\system32\acecdbcdeaeefe.dll
Pak nový HijackThis.
Pak nový HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:43, on 12.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Total Commder\TOTALCMD.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
E:\Program Files\WinFortunes\winfortunes.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
\?\E:\WINDOWS\system32\WBEM\WMIADAP.EXE
E:\DOCUME~1\skala\LOCALS~1\Temp\_tc3\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program
Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFortunes.lnk = E:\Program Files\WinFortunes\winfortunes.exe
O4 - Startup: ST6UNST Uninstaller.LNK = ?
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0
CE\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel -
res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - E:\Program Files\Xi\NetTransport
2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - E:\Program
Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Uložit formuláře - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - Winlogon Notify: acecdbcdeaeefe - E:\WINDOWS\system32\acecdbcdeaeefe.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: UPC SmartGuard (BackWeb Plug-in - 3371068) - Unknown owner -
E:\PROGRA~1\UPCSMA~1\backweb\3371068\Program\SERVIC~1.EXE (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program
Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program
Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
--
End of file - 7257 bytes
Scan saved at 15:23:43, on 12.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Total Commder\TOTALCMD.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
E:\Program Files\WinFortunes\winfortunes.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
\?\E:\WINDOWS\system32\WBEM\WMIADAP.EXE
E:\DOCUME~1\skala\LOCALS~1\Temp\_tc3\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program
Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program
Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFortunes.lnk = E:\Program Files\WinFortunes\winfortunes.exe
O4 - Startup: ST6UNST Uninstaller.LNK = ?
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0
CE\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel -
res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - E:\Program Files\Xi\NetTransport
2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - E:\Program
Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Uložit formuláře - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://E:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - Winlogon Notify: acecdbcdeaeefe - E:\WINDOWS\system32\acecdbcdeaeefe.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: UPC SmartGuard (BackWeb Plug-in - 3371068) - Unknown owner -
E:\PROGRA~1\UPCSMA~1\backweb\3371068\Program\SERVIC~1.EXE (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program
Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program
Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
--
End of file - 7257 bytes
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 94 hostů