Hello,
I have a problem. A trojan once got into my PC and I tried to remove it, but it is still here, and it keeps showing me pages where I am supposed to download virus protection programs and so on. On top of that, a box appears when I log in: Error loading data H:\WINDOWS\system32\jxnltsmy.dll. I don't know what to do about it. Please advise.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:33, on 6.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
H:\WINDOWS\system32\brsvc01a.exe
H:\WINDOWS\system32\brss01a.exe
H:\WINDOWS\system32\spoolsv.exe
h:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
H:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
H:\Program Files\Logitech\SetPoint\SetPoint.exe
H:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
H:\Program Files\Xfire\xfire.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "H:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\jxnltsmy.dll",b
O4 - HKLM\..\Run: [3188344d] rundll32.exe "H:\WINDOWS\system32\jxnltsmy.dll",b
O4 - HKLM\..\Run: [BM0b1035fd] Rundll32.exe "H:\WINDOWS\system32\rawniasf.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = H:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = H:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = H:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - H:\Program Files\CADE\Web\new.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - h:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8016 bytes
Trojan not removed
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Re: Trojan not removed
Welcome to the forum.
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. These PMs cannot be answered.
Re: Trojan not removed
ComboFix 08-04-04.1 - Tom 2008-04-06 10:49:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.1486 [GMT 2:00]
Running from: H:\Documents and Settings\Tom\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\WINDOWS\BM0b1035fd.xml
H:\WINDOWS\pskt.ini
H:\WINDOWS\system32\jjloorqr.ini
H:\WINDOWS\system32\jjloorqr.ini2
H:\WINDOWS\system32\jxnltsmy.dll
H:\WINDOWS\system32\rawniasf.dll
H:\WINDOWS\system32\rlhpnxgt.dll
H:\WINDOWS\system32\rqrooljj.dll
H:\WINDOWS\system32\vtuvwwus.dll
H:\WINDOWS\system32\ymstlnxj.ini
.
---- Previous Run -------
.
H:\WINDOWS\pskt.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-06 08:54 . 2008-04-06 08:54 <DIR> d-------- H:\Program Files\Trend Micro
2008-04-05 13:07 . 2008-04-06 07:59 594 ---hs---- H:\WINDOWS\system32\uckpmymi.ini
2008-03-22 00:14 . 2008-03-22 00:14 41,296 --a------ H:\WINDOWS\system32\xfcodec.dll
2008-03-16 21:15 . 2008-03-16 21:15 <DIR> d-------- H:\Program Files\Windows Sidebar
2008-03-16 21:15 . 2008-03-17 08:57 <DIR> d-------- H:\Program Files\Norton Internet Security
2008-03-16 21:13 . 2008-03-17 08:53 <DIR> d-------- H:\Program Files\Symantec
2008-03-16 21:13 . 2008-03-17 08:53 123,952 --a------ H:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-16 21:13 . 2008-03-17 08:53 60,800 --a------ H:\WINDOWS\system32\S32EVNT1.DLL
2008-03-16 21:13 . 2008-03-17 08:53 10,740 --a------ H:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-16 21:13 . 2008-03-17 08:53 805 --a------ H:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-16 09:50 . 2007-11-15 11:06 301,656 --a------ H:\WINDOWS\system32\BtCoreIf.dll
2008-03-16 09:49 . 2008-03-16 09:50 <DIR> d-------- H:\Program Files\Common Files\Logishrd
2008-03-14 17:34 . 2008-04-06 11:05 <DIR> d-------- H:\Program Files\Common Files\Symantec Shared
2008-03-09 21:06 . 2008-03-09 21:06 34,064 --a------ H:\WINDOWS\system32\lhacm.acm
2008-03-09 21:05 . 2008-03-09 21:06 <DIR> d-------- H:\Program Files\Teamspeak2_RC2
2008-03-07 15:37 . 2008-03-07 15:37 <DIR> d-------- H:\Program Files\VariCAD
2008-03-07 14:50 . 2008-03-07 14:50 <DIR> d-------- H:\Program Files\CADE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 11:08 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-04-04 13:16 --------- d-----w H:\Program Files\Xfire
2008-03-28 21:59 --------- d-----w H:\Program Files\Azureus
2008-03-25 05:53 --------- d-----w H:\Program Files\profibanka
2008-03-16 07:50 --------- d-----w H:\Program Files\Common Files\Logitech
2008-03-06 20:32 706 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w H:\WINDOWS\system32\drivers\coh_mon.cat
2008-02-25 08:42 --------- d-----w H:\Program Files\WC3Banlist
2008-02-24 19:40 --------- d-----w H:\Program Files\WinPcap
2008-02-21 18:12 --------- d-----w H:\Program Files\QIP
2008-02-18 09:05 --------- d-----w H:\Program Files\Program Volo Wiev Expres
2008-01-25 13:56 139,264 ----a-w H:\WINDOWS\War3Unin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-16 21:37 116088 --a------ H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 13:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16:38 16384512 H:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 H:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"LogitechQuickCamRibbon"="H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LVCOMSX"="H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"ccApp"="H:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="H:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
h:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 h:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvwwus]
vtuvwwus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"VIDC.XFR1"= xfcodec.dll
"SENTINEL"= snti386.dll
"msacm.lhacm"= lhacm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"H:\\Program Files\\Xfire\\xfire.exe"=
"H:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"H:\\Hry\\Blitzkrieg\\Run\\game.exe"=
"H:\\Program Files\\QIP\\qip.exe"=
"H:\\Program Files\\Azureus\\Azureus.exe"=
"H:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"H:\\Hry\\Warcraft III\\war3.exe"=
"H:\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;H:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 18:26]
R3 GTwinUSB;GTwinUSB;H:\WINDOWS\system32\Drivers\GTwinUSB.sys [2004-06-28 12:06]
R3 PSched;Plánovač paketů technologie QoS;H:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
R3 SymIMMP;SymIMMP;H:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;H:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 NAL;Nal Service ;H:\WINDOWS\system32\Drivers\iqvw32.sys [2007-03-09 18:04]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);H:\WINDOWS\system32\DRIVERS\SMCWGU.sys []
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;H:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 SymIM;Symantec Network Security Intermediate Filter Service;H:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 18:31:09 H:\WINDOWS\Tasks\Norton Internet Security - Prověřit tento počítač - Tom.job"
- fredik
- Security team member
Re: Trojan not removed
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

File::
H:\WINDOWS\system32\uckpmymi.ini
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvwwus]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script

- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new HJT log.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. These PMs cannot be answered.
Re: Trojan not removed
So here is the ComboFix log:
ComboFix 08-04-04.1 - Tom 2008-04-06 14:17:43.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.1489 [GMT 2:00]
Running from: H:\Documents and Settings\Tom\Plocha\ComboFix.exe
Command switches used :: H:\Documents and Settings\Tom\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
H:\WINDOWS\system32\uckpmymi.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
H:\WINDOWS\BM0b1035fd.xml
H:\WINDOWS\pskt.ini
H:\WINDOWS\system32\jjloorqr.ini
H:\WINDOWS\system32\jjloorqr.ini2
H:\WINDOWS\system32\jxnltsmy.dll
H:\WINDOWS\system32\rawniasf.dll
H:\WINDOWS\system32\rlhpnxgt.dll
H:\WINDOWS\system32\rqrooljj.dll
H:\WINDOWS\system32\uckpmymi.ini
H:\WINDOWS\system32\vtuvwwus.dll
H:\WINDOWS\system32\ymstlnxj.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-06 08:54 . 2008-04-06 08:54 <DIR> d-------- H:\Program Files\Trend Micro
2008-03-24 09:21 . 2008-03-24 09:21 <DIR> d-------- H:\Documents and Settings\Mamka\Data aplikací\Symantec
2008-03-22 00:14 . 2008-03-22 00:14 41,296 --a------ H:\WINDOWS\system32\xfcodec.dll
2008-03-17 08:51 . 2008-03-17 08:51 <DIR> d-------- H:\Documents and Settings\Jarda\Data aplikací\Symantec
2008-03-16 21:15 . 2008-03-16 21:15 <DIR> d-------- H:\Program Files\Windows Sidebar
2008-03-16 21:15 . 2008-03-17 08:57 <DIR> d-------- H:\Program Files\Norton Internet Security
2008-03-16 21:13 . 2008-03-17 08:53 <DIR> d-------- H:\Program Files\Symantec
2008-03-16 21:13 . 2008-03-17 08:53 123,952 --a------ H:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-16 21:13 . 2008-03-17 08:53 60,800 --a------ H:\WINDOWS\system32\S32EVNT1.DLL
2008-03-16 21:13 . 2008-03-17 08:53 10,740 --a------ H:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-16 21:13 . 2008-03-17 08:53 805 --a------ H:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-16 09:52 . 2008-03-16 09:52 <DIR> d-------- H:\Documents and Settings\All Users\Data aplikací\LogiShrd
2008-03-16 09:50 . 2007-11-15 11:06 301,656 --a------ H:\WINDOWS\system32\BtCoreIf.dll
2008-03-16 09:49 . 2008-03-16 09:50 <DIR> d-------- H:\Program Files\Common Files\Logishrd
2008-03-16 09:49 . 2008-03-16 09:49 <DIR> d-------- H:\Documents and Settings\Tom\Data aplikací\InstallShield
2008-03-14 17:37 . 2008-04-06 08:22 <DIR> d-------- H:\Documents and Settings\All Users\Data aplikací\Symantec
2008-03-14 17:34 . 2008-04-06 11:05 <DIR> d-------- H:\Program Files\Common Files\Symantec Shared
2008-03-14 17:28 . 2008-03-16 21:21 <DIR> d-------- H:\Documents and Settings\Tom\Data aplikací\Symantec
2008-03-09 21:06 . 2008-03-09 21:06 <DIR> d-------- H:\Documents and Settings\Tom\Data aplikací\teamspeak2
2008-03-09 21:06 . 2008-03-09 21:06 34,064 --a------ H:\WINDOWS\system32\lhacm.acm
2008-03-09 21:05 . 2008-03-09 21:06 <DIR> d-------- H:\Program Files\Teamspeak2_RC2
2008-03-07 15:37 . 2008-03-07 15:37 <DIR> d-------- H:\Program Files\VariCAD
2008-03-07 15:37 . 2008-03-07 15:37 <DIR> d-------- H:\Documents and Settings\Jarda\Data aplikací\VariCAD
2008-03-07 14:50 . 2008-03-07 14:50 <DIR> d-------- H:\Program Files\CADE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 12:16 --------- d-----w H:\Documents and Settings\Tom\Data aplikací\Xfire
2008-04-05 11:08 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-04-04 13:16 --------- d-----w H:\Program Files\Xfire
2008-03-29 09:44 --------- d-----w H:\Documents and Settings\Tom\Data aplikací\Azureus
2008-03-28 21:59 --------- d-----w H:\Program Files\Azureus
2008-03-28 05:31 --------- d-----w H:\Documents and Settings\Jarda\Data aplikací\Canon
2008-03-25 05:53 --------- d-----w H:\Program Files\profibanka
2008-03-24 18:18 --------- d-----w H:\Documents and Settings\Tom\Data aplikací\Ventrilo
2008-03-16 07:50 --------- d-----w H:\Program Files\Common Files\Logitech
2008-03-14 16:14 --------- d-----w H:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-14 15:47 --------- d-----w H:\Documents and Settings\Tom\Data aplikací\skypePM
2008-03-06 20:32 706 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w H:\WINDOWS\system32\drivers\coh_mon.cat
2008-02-25 08:42 --------- d-----w H:\Program Files\WC3Banlist
2008-02-24 19:40 --------- d-----w H:\Program Files\WinPcap
2008-02-21 18:12 --------- d-----w H:\Program Files\QIP
2008-02-18 09:05 --------- d-----w H:\Program Files\Program Volo Wiev Expres
2008-01-27 13:24 32 ----a-w H:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-01-25 13:56 139,264 ----a-w H:\WINDOWS\War3Unin.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-06_11.12.57.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 12:15:52 16,384 ----atw H:\WINDOWS\Temp\Perflib_Perfdata_664.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-16 21:37 116088 --a------ H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 13:13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16:38 16384512 H:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 H:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"LogitechQuickCamRibbon"="H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LVCOMSX"="H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"ccApp"="H:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="H:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
H:\Documents and Settings\Tom\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - H:\Program Files\Xfire\xfire.exe [2008-03-22 00:14:10 2979664]
H:\Documents and Settings\Tom\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - H:\Program Files\Xfire\xfire.exe [2008-03-22 00:14:10 2979664]
H:\Documents and Settings\Tom\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - H:\Program Files\Xfire\xfire.exe [2008-03-22 00:14:10 2979664]
H:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 17:44:49 67128]
Logitech SetPoint.lnk - H:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-16 09:50:26 784912]
Service Manager.lnk - H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
h:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 h:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"VIDC.XFR1"= xfcodec.dll
"SENTINEL"= snti386.dll
"msacm.lhacm"= lhacm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"H:\\Program Files\\Xfire\\xfire.exe"=
"H:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"H:\\Hry\\Blitzkrieg\\Run\\game.exe"=
"H:\\Program Files\\QIP\\qip.exe"=
"H:\\Program Files\\Azureus\\Azureus.exe"=
"H:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"H:\\Hry\\Warcraft III\\war3.exe"=
"H:\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;H:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 18:26]
R3 GTwinUSB;GTwinUSB;H:\WINDOWS\system32\Drivers\GTwinUSB.sys [2004-06-28 12:06]
R3 PSched;Plánovač paketů technologie QoS;H:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
R3 SymIMMP;SymIMMP;H:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;H:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 NAL;Nal Service ;H:\WINDOWS\system32\Drivers\iqvw32.sys [2007-03-09 18:04]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);H:\WINDOWS\system32\DRIVERS\SMCWGU.sys []
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;H:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 SymIM;Symantec Network Security Intermediate Filter Service;H:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 18:31:09 H:\WINDOWS\Tasks\Norton Internet Security - Prověřit tento počítač - Tom.job"
- H:\Program Files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exee/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 14:26:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-06 14:29:51
ComboFix-quarantined-files.txt 2008-04-06 12:29:32
Adresářů: 10, Volných bajtů: 207,415,541,760
Adresářů: 14, Volných bajtů: 207,405,010,944
.
2008-03-12 06:02:07 --- E O F ---
And here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:56, on 6.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\brsvc01a.exe
H:\WINDOWS\system32\brss01a.exe
H:\WINDOWS\system32\spoolsv.exe
h:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
H:\Program Files\Logitech\SetPoint\SetPoint.exe
H:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
H:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\internet explorer\iexplore.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "H:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = H:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - H:\Program Files\CADE\Web\new.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - h:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7995 bytes
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - h:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7995 bytes
- fredik
- member of the Security team
Re: Unremoved trojan
Go to Start -> Run... and type this command, marked in blue, into the window: ComboFix /u and click OK.
- there must be a space between ComboFix and /u
Are you still having problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum instead. It is not possible to reply to these PMs.
Re: Unremoved trojan
No, it seems it's gone now... thanks a lot, and thanks again for the quick reply.
