Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:09, on 22.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
D:\uživatelia\Matej\Miranda_IM_Bagr_pack_v1.3.1\Miranda IM Bagr pack\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\uživatelia\Matej\pre PC\HJT\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [360desktop] "C:\Program Files\360desktop\360desktop.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -http://arcade.icq.com/online/online2/luxor_2/mjolauncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Update Service (gupdate1c98fa4c6fabf20) (gupdate1c98fa4c6fabf20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe[/url]
--
End of file - 5437 bytes
Kontrola logu
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Kód: Vybrat vše
O4 - HKCU\..\Run: [360desktop] "C:\Program Files\360desktop\360desktop.exe"Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1795
Windows 5.1.2600 Service Pack 2
23.2.2009 11:51:43
mbam-log-2009-02-23 (11-51-39).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 73583
Uplynutý cas: 4 minute(s), 4 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 11
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 1
Infikovaných súborov: 3
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> No action taken.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> No action taken.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
C:\WINDOWS\system32\iDlo18 (Trojan.Downloader) -> No action taken.
Infikovaných súborov:
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\{7a65c810-2ca4-13c6-2b6f-05f769b13f88}.dll-uninst.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\{e0bfe011-e558-79c6-7fef-250f2b95042e}.dll-uninst.exe (Trojan.Agent) -> No action taken.
Verzia databázy: 1795
Windows 5.1.2600 Service Pack 2
23.2.2009 11:51:43
mbam-log-2009-02-23 (11-51-39).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 73583
Uplynutý cas: 4 minute(s), 4 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 11
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 1
Infikovaných súborov: 3
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> No action taken.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> No action taken.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
C:\WINDOWS\system32\iDlo18 (Trojan.Downloader) -> No action taken.
Infikovaných súborov:
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\{7a65c810-2ca4-13c6-2b6f-05f769b13f88}.dll-uninst.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\{e0bfe011-e558-79c6-7fef-250f2b95042e}.dll-uninst.exe (Trojan.Agent) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Vypni rez. ochrany u Symantec Internet Security Suite
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Vypni rez. ochrany u Symantec Internet Security Suite
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
alwarebytes' Anti-Malware 1.34
Verzia databázy: 1795
Windows 5.1.2600 Service Pack 2
23.2.2009 13:39:48
mbam-log-2009-02-23 (13-39-48).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 73583
Uplynutý cas: 4 minute(s), 4 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 11
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 1
Infikovaných súborov: 3
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
C:\WINDOWS\system32\iDlo18 (Trojan.Downloader) -> Quarantined and deleted successfully.
Infikovaných súborov:
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{7a65c810-2ca4-13c6-2b6f-05f769b13f88}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{e0bfe011-e558-79c6-7fef-250f2b95042e}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Verzia databázy: 1795
Windows 5.1.2600 Service Pack 2
23.2.2009 13:39:48
mbam-log-2009-02-23 (13-39-48).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 73583
Uplynutý cas: 4 minute(s), 4 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 11
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 1
Infikovaných súborov: 3
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
C:\WINDOWS\system32\iDlo18 (Trojan.Downloader) -> Quarantined and deleted successfully.
Infikovaných súborov:
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{7a65c810-2ca4-13c6-2b6f-05f769b13f88}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{e0bfe011-e558-79c6-7fef-250f2b95042e}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
ComboFix 09-02-21.01 - fk 2009-02-23 13:45:58.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.591 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\install.exe
.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 11:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 11:11 . 2009-02-22 11:11 0 --a------ c:\windows\ativpsrm.bin
2009-02-15 19:26 . 2009-02-15 19:27 <DIR> d-------- c:\program files\UberIcon
2009-02-15 19:18 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\fk\Application Data\360desktop
2009-02-13 20:01 . 2009-02-13 20:01 <DIR> d-------- c:\windows\system32\xlive
2009-02-11 21:21 . 2009-02-11 21:21 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-10 21:36 . 2009-02-15 19:23 <DIR> d-------- c:\program files\7-Zip
2009-02-07 18:17 . 2009-02-07 18:17 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-04 20:29 . 2009-02-04 20:29 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 06:57 . 2009-02-04 06:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 05:13 . 2009-02-04 05:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 04:58 . 2009-02-04 04:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 04:53 . 2009-02-04 04:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 03:43 . 2009-02-04 03:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 03:42 . 2009-02-04 03:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 03:40 . 2009-02-04 03:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
2009-01-31 17:33 . 2009-01-31 17:33 <DIR> d-------- c:\program files\CCleaner
2009-01-25 13:34 . 2009-02-11 21:49 <DIR> d-------- c:\documents and settings\fk\Application Data\gtk-2.0
2009-01-25 13:34 . 2009-01-25 13:34 <DIR> d-------- c:\documents and settings\fk\.thumbnails
2009-01-25 13:33 . 2009-02-15 20:25 <DIR> d-------- c:\documents and settings\fk\.gimp-2.6
2009-01-25 13:32 . 2009-01-25 13:32 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-25 13:32 . 2009-01-25 13:33 <DIR> d-------- c:\documents and settings\fk\.gegl-0.0
2009-01-23 15:29 . 2009-01-23 15:29 <DIR> d--hs---- c:\windows\ftpcache
2009-01-23 15:29 . 2009-01-23 15:29 22,328 --a------ c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-23 15:28 . 2009-01-23 15:28 272 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-21 14:58 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-02-21 14:57 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-06 18:36 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2001-09-24 06:59 73728 c:\program files\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-02-26 08:03 16125440 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\uživatelia\\Matej\\Miranda_IM_Bagr_pack_v1.3.1\\Miranda IM Bagr pack\\miranda32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"e:\\games\\Flatout\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-02-23 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 13:47:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-02-23 13:48:27
ComboFix-quarantined-files.txt 2009-02-23 12:48:25
ComboFix2.txt 2009-01-19 18:13:11
Pre-Run: 16,197,562,368 bytes free
Post-Run: 13 adresárov, 16,257,826,816 voľných bajtov
205 --- E O F --- 2008-04-10 11:34:20
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.591 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\install.exe
.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 11:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 11:11 . 2009-02-22 11:11 0 --a------ c:\windows\ativpsrm.bin
2009-02-15 19:26 . 2009-02-15 19:27 <DIR> d-------- c:\program files\UberIcon
2009-02-15 19:18 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\fk\Application Data\360desktop
2009-02-13 20:01 . 2009-02-13 20:01 <DIR> d-------- c:\windows\system32\xlive
2009-02-11 21:21 . 2009-02-11 21:21 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-10 21:36 . 2009-02-15 19:23 <DIR> d-------- c:\program files\7-Zip
2009-02-07 18:17 . 2009-02-07 18:17 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-04 20:29 . 2009-02-04 20:29 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 06:57 . 2009-02-04 06:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 05:13 . 2009-02-04 05:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 04:58 . 2009-02-04 04:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 04:53 . 2009-02-04 04:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 03:43 . 2009-02-04 03:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 03:42 . 2009-02-04 03:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 03:40 . 2009-02-04 03:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
2009-01-31 17:33 . 2009-01-31 17:33 <DIR> d-------- c:\program files\CCleaner
2009-01-25 13:34 . 2009-02-11 21:49 <DIR> d-------- c:\documents and settings\fk\Application Data\gtk-2.0
2009-01-25 13:34 . 2009-01-25 13:34 <DIR> d-------- c:\documents and settings\fk\.thumbnails
2009-01-25 13:33 . 2009-02-15 20:25 <DIR> d-------- c:\documents and settings\fk\.gimp-2.6
2009-01-25 13:32 . 2009-01-25 13:32 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-25 13:32 . 2009-01-25 13:33 <DIR> d-------- c:\documents and settings\fk\.gegl-0.0
2009-01-23 15:29 . 2009-01-23 15:29 <DIR> d--hs---- c:\windows\ftpcache
2009-01-23 15:29 . 2009-01-23 15:29 22,328 --a------ c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-23 15:28 . 2009-01-23 15:28 272 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-21 14:58 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-02-21 14:57 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-06 18:36 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2001-09-24 06:59 73728 c:\program files\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-02-26 08:03 16125440 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\uživatelia\\Matej\\Miranda_IM_Bagr_pack_v1.3.1\\Miranda IM Bagr pack\\miranda32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"e:\\games\\Flatout\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-02-23 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 13:47:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-02-23 13:48:27
ComboFix-quarantined-files.txt 2009-02-23 12:48:25
ComboFix2.txt 2009-01-19 18:13:11
Pre-Run: 16,197,562,368 bytes free
Post-Run: 13 adresárov, 16,257,826,816 voľných bajtov
205 --- E O F --- 2008-04-10 11:34:20
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
keylogger tam asi nebyl schválně..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\system32\KGyGaAvL.sys
Folder::
c:\windows\system32\NtmsData
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
ComboFix 09-02-21.01 - fk 2009-02-23 16:11:12.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.581 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fk\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\NtmsData -- Whitelisted --
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 11:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 11:11 . 2009-02-22 11:11 0 --a------ c:\windows\ativpsrm.bin
2009-02-15 19:26 . 2009-02-15 19:27 <DIR> d-------- c:\program files\UberIcon
2009-02-15 19:18 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\fk\Application Data\360desktop
2009-02-13 20:01 . 2009-02-13 20:01 <DIR> d-------- c:\windows\system32\xlive
2009-02-11 21:21 . 2009-02-11 21:21 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-10 21:36 . 2009-02-15 19:23 <DIR> d-------- c:\program files\7-Zip
2009-02-07 18:17 . 2009-02-07 18:17 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-04 20:29 . 2009-02-04 20:29 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 06:57 . 2009-02-04 06:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 05:13 . 2009-02-04 05:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 04:58 . 2009-02-04 04:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 04:53 . 2009-02-04 04:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 03:43 . 2009-02-04 03:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 03:42 . 2009-02-04 03:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 03:40 . 2009-02-04 03:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
2009-01-31 17:33 . 2009-01-31 17:33 <DIR> d-------- c:\program files\CCleaner
2009-01-25 13:34 . 2009-02-11 21:49 <DIR> d-------- c:\documents and settings\fk\Application Data\gtk-2.0
2009-01-25 13:34 . 2009-01-25 13:34 <DIR> d-------- c:\documents and settings\fk\.thumbnails
2009-01-25 13:33 . 2009-02-15 20:25 <DIR> d-------- c:\documents and settings\fk\.gimp-2.6
2009-01-25 13:32 . 2009-01-25 13:32 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-25 13:32 . 2009-01-25 13:33 <DIR> d-------- c:\documents and settings\fk\.gegl-0.0
2009-01-23 15:29 . 2009-01-23 15:29 <DIR> d--hs---- c:\windows\ftpcache
2009-01-23 15:29 . 2009-01-23 15:29 22,328 --a------ c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-23 15:28 . 2009-01-23 15:28 272 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-21 14:58 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-02-21 14:57 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2001-09-24 06:59 73728 c:\program files\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-02-26 08:03 16125440 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\uživatelia\\Matej\\Miranda_IM_Bagr_pack_v1.3.1\\Miranda IM Bagr pack\\miranda32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"e:\\games\\Flatout\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-02-23 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 16:12:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-02-23 16:13:55
ComboFix-quarantined-files.txt 2009-02-23 15:13:52
ComboFix2.txt 2009-02-23 12:48:29
ComboFix3.txt 2009-01-19 18:13:11
Pre-Run: 16 133 148 672 bytes free
Post-Run: 13 adresárov, 16,120,856,576 voľných bajtov
203 --- E O F --- 2008-04-10 11:34:20
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.581 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fk\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\NtmsData -- Whitelisted --
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 11:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 11:11 . 2009-02-22 11:11 0 --a------ c:\windows\ativpsrm.bin
2009-02-15 19:26 . 2009-02-15 19:27 <DIR> d-------- c:\program files\UberIcon
2009-02-15 19:18 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\fk\Application Data\360desktop
2009-02-13 20:01 . 2009-02-13 20:01 <DIR> d-------- c:\windows\system32\xlive
2009-02-11 21:21 . 2009-02-11 21:21 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-10 21:36 . 2009-02-15 19:23 <DIR> d-------- c:\program files\7-Zip
2009-02-07 18:17 . 2009-02-07 18:17 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-04 20:29 . 2009-02-04 20:29 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 06:57 . 2009-02-04 06:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 05:13 . 2009-02-04 05:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 04:58 . 2009-02-04 04:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 04:53 . 2009-02-04 04:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 03:43 . 2009-02-04 03:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 03:42 . 2009-02-04 03:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 03:40 . 2009-02-04 03:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
2009-01-31 17:33 . 2009-01-31 17:33 <DIR> d-------- c:\program files\CCleaner
2009-01-25 13:34 . 2009-02-11 21:49 <DIR> d-------- c:\documents and settings\fk\Application Data\gtk-2.0
2009-01-25 13:34 . 2009-01-25 13:34 <DIR> d-------- c:\documents and settings\fk\.thumbnails
2009-01-25 13:33 . 2009-02-15 20:25 <DIR> d-------- c:\documents and settings\fk\.gimp-2.6
2009-01-25 13:32 . 2009-01-25 13:32 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-25 13:32 . 2009-01-25 13:33 <DIR> d-------- c:\documents and settings\fk\.gegl-0.0
2009-01-23 15:29 . 2009-01-23 15:29 <DIR> d--hs---- c:\windows\ftpcache
2009-01-23 15:29 . 2009-01-23 15:29 22,328 --a------ c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-23 15:28 . 2009-01-23 15:28 272 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-21 14:58 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-02-21 14:57 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2001-09-24 06:59 73728 c:\program files\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-02-26 08:03 16125440 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\uživatelia\\Matej\\Miranda_IM_Bagr_pack_v1.3.1\\Miranda IM Bagr pack\\miranda32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"e:\\games\\Flatout\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-02-23 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 16:12:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-02-23 16:13:55
ComboFix-quarantined-files.txt 2009-02-23 15:13:52
ComboFix2.txt 2009-02-23 12:48:29
ComboFix3.txt 2009-01-19 18:13:11
Pre-Run: 16 133 148 672 bytes free
Post-Run: 13 adresárov, 16,120,856,576 voľných bajtov
203 --- E O F --- 2008-04-10 11:34:20
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:27, on 23.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\uživatelia\Matej\pre PC\HJT\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Update Service (gupdate1c98fa4c6fabf20) (gupdate1c98fa4c6fabf20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5260 bytes
Scan saved at 16:15:27, on 23.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\uživatelia\Matej\pre PC\HJT\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Update Service (gupdate1c98fa4c6fabf20) (gupdate1c98fa4c6fabf20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5260 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Toto otestuj na Virustotal
c:\windows\system32\NtmsData
Vlož sem pak odkaz výsledku, pokud bude větší kapacita , napiš co tam je za soubory.
c:\windows\system32\NtmsData
Vlož sem pak odkaz výsledku, pokud bude větší kapacita , napiš co tam je za soubory.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.24.0 2009.02.23 -
AntiVir 7.9.0.88 2009.02.23 -
Authentium 5.1.0.4 2009.02.23 -
Avast 4.8.1335.0 2009.02.23 -
AVG 8.0.0.237 2009.02.23 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6369 2009.02.23 -
F-Prot 4.4.4.56 2009.02.23 -
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5534 2009.02.23 -
Microsoft 1.4306 2009.02.23 -
NOD32 3881 2009.02.23 -
Norman 6.00.06 2009.02.23 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.23 -
PCTools 4.4.2.0 2009.02.23 -
Prevx1 V2 2009.02.23 -
Rising 21.18.02.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 -
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.5.263 2009.02.23 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.23.1618 2009.02.23 -
VirusBuster 4.5.11.0 2009.02.22 -
Rozšiřující informace
File size: 172032 bytes
MD5...: bae4f667d81785bb05ff816f72790e91
SHA1..: b21e9d776e47bbc1d0840eda3f1869edf4b1a68f
SHA256: f8b987ac4510c036baeeed481c03b1faa0a6030b1879610585e1d4e5d1463599
SHA512: c247c5b9ab07983e9b4574c27032e556b8ec310355594efd4dd4f9f76b26c7d8
e4a098050ba9efc5f895f2bbb3b6d0b15542ccff2b627f33bdb8f84637a74581
ssdeep: 768:tQulYtIW5s0AWC4zbVhJDlvmN6s6VFfN0+v7F99x+fpls1iL:ZW5pw6LV1d
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.24.0 2009.02.23 -
AntiVir 7.9.0.88 2009.02.23 -
Authentium 5.1.0.4 2009.02.23 -
Avast 4.8.1335.0 2009.02.23 -
AVG 8.0.0.237 2009.02.23 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6369 2009.02.23 -
F-Prot 4.4.4.56 2009.02.23 -
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5534 2009.02.23 -
Microsoft 1.4306 2009.02.23 -
NOD32 3881 2009.02.23 -
Norman 6.00.06 2009.02.23 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.23 -
PCTools 4.4.2.0 2009.02.23 -
Prevx1 V2 2009.02.23 -
Rising 21.18.02.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 -
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.5.263 2009.02.23 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.23.1618 2009.02.23 -
VirusBuster 4.5.11.0 2009.02.22 -
Rozšiřující informace
File size: 172032 bytes
MD5...: bae4f667d81785bb05ff816f72790e91
SHA1..: b21e9d776e47bbc1d0840eda3f1869edf4b1a68f
SHA256: f8b987ac4510c036baeeed481c03b1faa0a6030b1879610585e1d4e5d1463599
SHA512: c247c5b9ab07983e9b4574c27032e556b8ec310355594efd4dd4f9f76b26c7d8
e4a098050ba9efc5f895f2bbb3b6d0b15542ccff2b627f33bdb8f84637a74581
ssdeep: 768:tQulYtIW5s0AWC4zbVhJDlvmN6s6VFfN0+v7F99x+fpls1iL:ZW5pw6LV1d
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Aktualizuj javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Vše.
Kód: Vybrat vše
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Aktualizuj javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Vše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Majestic-12 [Bot] a 104 hostů