Logfile of HijackThis v1.99.1
Scan saved at 19:43:02, on 14.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG511U Configuration Utility\wlancfgu.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Martin\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: NETGEAR WG511U Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7967006937
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskU ... ctivex.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/ ... loader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
prosím o kontrolu
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: prosím o kontrolu
Spusť si HJT a fixni (zaškrtnout čtvereček před názvem hodnoty a zmáčknout "Fix checked")
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
Pak si stáhni novější HJT z mého podpisu a dej sem poté nový log z nového HJT.
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
Pak si stáhni novější HJT z mého podpisu a dej sem poté nový log z nového HJT.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: prosím o kontrolu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:20, on 14.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG511U Configuration Utility\wlancfgu.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: NETGEAR WG511U Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7967006937
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskU ... ctivex.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/ ... loader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9422 bytes
Scan saved at 20:33:20, on 14.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG511U Configuration Utility\wlancfgu.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: NETGEAR WG511U Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7967006937
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskU ... ctivex.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/ ... loader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9422 bytes
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: prosím o kontrolu
Na druhý pohled tam nevidím nic špatné, ale pro jistotu:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: prosím o kontrolu
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2131
Windows 5.1.2600 Service Pack 3
14.5.2009 20:52:07
mbam-log-2009-05-14 (20-52-03).txt
Typ skenu: Rychlý sken
Objektu skenováno: 83378
Uplynulý cas: 4 minute(s), 29 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 19
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar.1 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
Verze databáze: 2131
Windows 5.1.2600 Service Pack 3
14.5.2009 20:52:07
mbam-log-2009-05-14 (20-52-03).txt
Typ skenu: Rychlý sken
Objektu skenováno: 83378
Uplynulý cas: 4 minute(s), 29 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 19
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar.1 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: prosím o kontrolu
Tak pokračuj:
Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: prosím o kontrolu
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2131
Windows 5.1.2600 Service Pack 3
14.5.2009 21:13:43
mbam-log-2009-05-14 (21-13-43).txt
Typ skenu: Rychlý sken
Objektu skenováno: 83381
Uplynulý cas: 4 minute(s), 8 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 19
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
Verze databáze: 2131
Windows 5.1.2600 Service Pack 3
14.5.2009 21:13:43
mbam-log-2009-05-14 (21-13-43).txt
Typ skenu: Rychlý sken
Objektu skenováno: 83381
Uplynulý cas: 4 minute(s), 8 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 19
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: prosím o kontrolu
Mrkneme se ještě na ComboFix
Při práci s CF vypni rezidentní štít antiviru a defenderu a odpoj se od internetu
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s CF vypni rezidentní štít antiviru a defenderu a odpoj se od internetu
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: prosím o kontrolu
ComboFix 09-05-13.04 - Martin 14.05.2009 21:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.339 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-14 do 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-14 18:04 . 2009-05-14 18:04 -------- d-----w c:\program files\Trend Micro
2009-05-14 17:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 17:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 17:06 . 2009-05-14 17:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 18:18 . 2005-05-31 12:10 17516 ----a-w c:\windows\system32\drivers\frmupgr.sys
2009-05-11 18:18 . 2005-05-31 12:06 44163 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-04-27 11:55 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 11:55 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-27 11:55 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-27 11:55 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-27 11:55 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-27 11:55 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-27 11:55 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-27 11:55 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 11:55 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-27 11:40 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 19:26 . 2006-01-19 08:26 -------- d-----w c:\program files\Symantec AntiVirus
2009-05-12 18:37 . 2007-08-23 17:02 -------- d-----w c:\program files\AnyDATA
2009-05-12 18:37 . 2006-01-19 08:21 -------- d-----w c:\program files\CyberLink
2009-05-12 18:37 . 2006-01-18 14:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 18:35 . 2008-10-19 23:32 -------- d-----w c:\program files\Oberon Media
2009-05-08 09:12 . 2009-03-23 13:54 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-04 19:22 . 2006-01-18 16:18 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-04 19:22 . 2006-01-18 16:18 737280 -c--a-w c:\windows\iun6002.exe
2009-05-02 07:59 . 2001-10-25 14:00 92114 ----a-w c:\windows\system32\perfc005.dat
2009-05-02 07:59 . 2001-10-25 14:00 462136 ----a-w c:\windows\system32\perfh005.dat
2009-03-31 13:05 . 2009-03-31 13:05 -------- d-----w c:\program files\Windows Defender
2009-03-31 08:10 . 2006-01-19 08:26 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 08:09 . 2006-01-19 08:26 -------- d-----w c:\program files\Symantec
2009-03-25 15:46 . 2009-03-25 15:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-25 15:35 . 2009-03-25 15:35 -------- d-----w c:\program files\MSBuild
2009-03-25 15:35 . 2009-03-25 15:35 -------- d-----w c:\program files\Reference Assemblies
2009-03-25 15:28 . 2009-03-25 15:28 -------- d-----w c:\program files\Microsoft
2009-03-25 15:21 . 2009-03-25 15:21 -------- d-----w c:\program files\Windows Desktop Search
2009-03-25 09:12 . 2006-01-19 09:15 -------- d-----w c:\program files\Microsoft Works
2009-03-25 08:32 . 2009-03-25 08:32 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-24 13:20 . 2008-01-10 16:51 -------- d-----w c:\program files\ICQ6
2009-03-24 08:09 . 2009-03-24 08:09 -------- d-----w c:\program files\AVG
2009-03-24 07:55 . 2007-03-28 18:14 -------- d-----w c:\program files\ESET
2009-03-23 13:54 . 2009-03-23 13:54 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-23 13:48 . 2009-03-23 13:48 15781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2009-03-23 13:48 . 2009-03-22 10:23 -------- d-----w c:\program files\NETGEAR
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:13 . 2004-08-17 13:49 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-19 09:40 . 2007-03-30 16:46 1386 -c--a-w c:\windows\mozver.dat
2008-10-19 23:26 . 2008-10-19 23:24 39 -c--a-w c:\program files\mjf_drm1.txt
2006-09-22 21:06 . 2006-09-22 21:06 27977025 -c--a-w c:\program files\Pack_Vista_Inspirat_1.1.exe
2006-09-22 20:33 . 2006-09-22 20:32 472042 -c--a-w c:\program files\xp-icons.zip
2006-09-22 20:23 . 2006-09-22 20:23 12119320 -c--a-w c:\program files\iconpackager_public.exe
2006-02-01 16:03 . 2006-02-01 16:02 92 -c--a-w c:\program files\prefs.ini
2006-02-01 16:02 . 2006-02-01 16:02 10849 -c-ha-w c:\program files\fotbal.GID
2006-02-01 16:02 . 2006-02-01 16:02 409 -c--a-w c:\program files\errlog.txt
2006-02-01 16:01 . 2006-02-01 16:01 355 -c--a-w c:\program files\_DEISREG.ISR
2008-07-21 21:40 . 2008-07-21 21:40 0 -csh--w c:\windows\S468BFF56.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_17.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-01-19 09:17 . 2009-05-14 18:02 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 18:05 . 2007-03-22 18:05 97632 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2006-01-19 09:17 . 2009-05-14 18:02 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-01-18 18:25 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-27 532480]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-05 125536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-07-12 14679552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-5-31 577597]
NETGEAR WG511U Smart Wizard.lnk - c:\program files\NETGEAR\WG511U Configuration Utility\wlancfgu.exe [2009-3-23 503870]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fujitsu\\Plugfree\\PfChat.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 12:43 55024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [22.3.2009 15:04 17149]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [14.1.2005 11:22 5504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31.3.2009 10:12 101936]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [18.10.2004 16:08 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [17.1.2004 1:00 4864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [3.8.2004 23:04 69120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 12:43 7408]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [23.8.2007 19:30 93440]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [24.1.2006 18:33 6656]
S3 OIIBTUSB;Bluetooth USB Driver;c:\windows\system32\drivers\OIIBTUSB.sys [13.10.2005 14:45 511418]
S3 OiiNd2kU;Bluetooth Ndis Driver;c:\windows\system32\drivers\oiind2ku.sys [13.10.2005 14:45 8864]
S3 Oiivcomu;Bluetooth Virtual COM Port;c:\windows\system32\drivers\oiivcomu.sys [13.10.2005 14:45 14970]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5.12.2006 16:32 119392]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 18:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 18:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 18:34 93872]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
S3 wg51und5;NETGEAR WG511U Wireless Network Adapter Service;c:\windows\system32\drivers\wg51und5.sys [23.3.2009 15:48 397152]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - NMSCFG
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc6eb2e8-f6db-11dd-be46-000b5d954468}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Obsah adresáře 'Naplánované úlohy'
2008-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2009-05-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp04.photoprintit.de/microsite/ ... loader.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\im89bvd0.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 21:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1085031214-220523388-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1085031214-220523388-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1052)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2572)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-05-14 21:31
ComboFix-quarantined-files.txt 2009-05-14 19:30
ComboFix2.txt 2009-05-14 17:33
Před spuštěním: Volných bajtů: 19 862 851 584
Po spuštění: Volných bajtů: 19 842 318 336
233 --- E O F --- 2009-05-14 18:02
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.339 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-14 do 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-14 18:04 . 2009-05-14 18:04 -------- d-----w c:\program files\Trend Micro
2009-05-14 17:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 17:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 17:06 . 2009-05-14 17:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 18:18 . 2005-05-31 12:10 17516 ----a-w c:\windows\system32\drivers\frmupgr.sys
2009-05-11 18:18 . 2005-05-31 12:06 44163 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-04-27 11:55 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 11:55 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-27 11:55 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-27 11:55 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-27 11:55 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-27 11:55 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-27 11:55 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-27 11:55 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 11:55 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-27 11:40 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 19:26 . 2006-01-19 08:26 -------- d-----w c:\program files\Symantec AntiVirus
2009-05-12 18:37 . 2007-08-23 17:02 -------- d-----w c:\program files\AnyDATA
2009-05-12 18:37 . 2006-01-19 08:21 -------- d-----w c:\program files\CyberLink
2009-05-12 18:37 . 2006-01-18 14:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 18:35 . 2008-10-19 23:32 -------- d-----w c:\program files\Oberon Media
2009-05-08 09:12 . 2009-03-23 13:54 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-04 19:22 . 2006-01-18 16:18 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-04 19:22 . 2006-01-18 16:18 737280 -c--a-w c:\windows\iun6002.exe
2009-05-02 07:59 . 2001-10-25 14:00 92114 ----a-w c:\windows\system32\perfc005.dat
2009-05-02 07:59 . 2001-10-25 14:00 462136 ----a-w c:\windows\system32\perfh005.dat
2009-03-31 13:05 . 2009-03-31 13:05 -------- d-----w c:\program files\Windows Defender
2009-03-31 08:10 . 2006-01-19 08:26 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 08:09 . 2006-01-19 08:26 -------- d-----w c:\program files\Symantec
2009-03-25 15:46 . 2009-03-25 15:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-25 15:35 . 2009-03-25 15:35 -------- d-----w c:\program files\MSBuild
2009-03-25 15:35 . 2009-03-25 15:35 -------- d-----w c:\program files\Reference Assemblies
2009-03-25 15:28 . 2009-03-25 15:28 -------- d-----w c:\program files\Microsoft
2009-03-25 15:21 . 2009-03-25 15:21 -------- d-----w c:\program files\Windows Desktop Search
2009-03-25 09:12 . 2006-01-19 09:15 -------- d-----w c:\program files\Microsoft Works
2009-03-25 08:32 . 2009-03-25 08:32 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-24 13:20 . 2008-01-10 16:51 -------- d-----w c:\program files\ICQ6
2009-03-24 08:09 . 2009-03-24 08:09 -------- d-----w c:\program files\AVG
2009-03-24 07:55 . 2007-03-28 18:14 -------- d-----w c:\program files\ESET
2009-03-23 13:54 . 2009-03-23 13:54 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-23 13:48 . 2009-03-23 13:48 15781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2009-03-23 13:48 . 2009-03-22 10:23 -------- d-----w c:\program files\NETGEAR
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:13 . 2004-08-17 13:49 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-19 09:40 . 2007-03-30 16:46 1386 -c--a-w c:\windows\mozver.dat
2008-10-19 23:26 . 2008-10-19 23:24 39 -c--a-w c:\program files\mjf_drm1.txt
2006-09-22 21:06 . 2006-09-22 21:06 27977025 -c--a-w c:\program files\Pack_Vista_Inspirat_1.1.exe
2006-09-22 20:33 . 2006-09-22 20:32 472042 -c--a-w c:\program files\xp-icons.zip
2006-09-22 20:23 . 2006-09-22 20:23 12119320 -c--a-w c:\program files\iconpackager_public.exe
2006-02-01 16:03 . 2006-02-01 16:02 92 -c--a-w c:\program files\prefs.ini
2006-02-01 16:02 . 2006-02-01 16:02 10849 -c-ha-w c:\program files\fotbal.GID
2006-02-01 16:02 . 2006-02-01 16:02 409 -c--a-w c:\program files\errlog.txt
2006-02-01 16:01 . 2006-02-01 16:01 355 -c--a-w c:\program files\_DEISREG.ISR
2008-07-21 21:40 . 2008-07-21 21:40 0 -csh--w c:\windows\S468BFF56.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_17.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-01-19 09:17 . 2009-05-14 18:02 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 18:05 . 2007-03-22 18:05 97632 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2006-01-19 09:17 . 2009-05-14 18:02 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-01-19 09:17 . 2009-05-14 18:02 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-01-19 09:17 . 2009-05-05 18:01 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-01-18 18:25 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-27 532480]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-05 125536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-07-12 14679552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-5-31 577597]
NETGEAR WG511U Smart Wizard.lnk - c:\program files\NETGEAR\WG511U Configuration Utility\wlancfgu.exe [2009-3-23 503870]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fujitsu\\Plugfree\\PfChat.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 12:43 55024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [22.3.2009 15:04 17149]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [14.1.2005 11:22 5504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31.3.2009 10:12 101936]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [18.10.2004 16:08 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [17.1.2004 1:00 4864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [3.8.2004 23:04 69120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 12:43 7408]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [23.8.2007 19:30 93440]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [24.1.2006 18:33 6656]
S3 OIIBTUSB;Bluetooth USB Driver;c:\windows\system32\drivers\OIIBTUSB.sys [13.10.2005 14:45 511418]
S3 OiiNd2kU;Bluetooth Ndis Driver;c:\windows\system32\drivers\oiind2ku.sys [13.10.2005 14:45 8864]
S3 Oiivcomu;Bluetooth Virtual COM Port;c:\windows\system32\drivers\oiivcomu.sys [13.10.2005 14:45 14970]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5.12.2006 16:32 119392]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 18:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 18:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 18:34 93872]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
S3 wg51und5;NETGEAR WG511U Wireless Network Adapter Service;c:\windows\system32\drivers\wg51und5.sys [23.3.2009 15:48 397152]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - NMSCFG
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc6eb2e8-f6db-11dd-be46-000b5d954468}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Obsah adresáře 'Naplánované úlohy'
2008-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2009-05-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp04.photoprintit.de/microsite/ ... loader.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\im89bvd0.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 21:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1085031214-220523388-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1085031214-220523388-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1052)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2572)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-05-14 21:31
ComboFix-quarantined-files.txt 2009-05-14 19:30
ComboFix2.txt 2009-05-14 17:33
Před spuštěním: Volných bajtů: 19 862 851 584
Po spuštění: Volných bajtů: 19 842 318 336
233 --- E O F --- 2009-05-14 18:02
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: prosím o kontrolu
Na virustotal zkontroluj červeně označené soubory:
c:\program files\Ares\Ares.exe
c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
Dej sem potom výsledky skeneru.
c:\program files\Ares\Ares.exe
c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
Dej sem potom výsledky skeneru.
Naposledy upravil(a) Damned dne 14 kvě 2009 22:23, celkem upraveno 1 x.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: prosím o kontrolu
Soubor Ares.exe přijatý 2009.05.08 04:37:03 (CET)
Současný stav: Dokončeno
Výsledek: 0/40 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.05.08 -
AhnLab-V3 5.0.0.2 2009.05.07 -
AntiVir 7.9.0.160 2009.05.07 -
Antiy-AVL 2.0.3.1 2009.05.07 -
Authentium 5.1.2.4 2009.05.07 -
Avast 4.8.1335.0 2009.05.07 -
AVG 8.5.0.327 2009.05.07 -
BitDefender 7.2 2009.05.08 -
CAT-QuickHeal 10.00 2009.05.06 -
ClamAV 0.94.1 2009.05.08 -
Comodo 1154 2009.05.06 -
DrWeb 5.0.0.12182 2009.05.08 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6495 2009.05.08 -
F-Prot 4.4.4.56 2009.05.07 -
F-Secure 8.0.14470.0 2009.05.08 -
Fortinet 3.117.0.0 2009.05.07 -
GData 19 2009.05.08 -
Ikarus T3.1.1.49.0 2009.05.08 -
K7AntiVirus 7.10.728 2009.05.07 -
Kaspersky 7.0.0.125 2009.05.08 -
McAfee 5608 2009.05.07 -
McAfee+Artemis 5608 2009.05.07 -
McAfee-GW-Edition 6.7.6 2009.05.08 -
Microsoft 1.4602 2009.05.07 -
NOD32 4061 2009.05.07 -
Norman 6.01.05 2009.05.07 -
nProtect 2009.1.8.0 2009.05.08 -
Panda 10.0.0.14 2009.05.07 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.08 -
Rising 21.28.32.00 2009.05.07 -
Sophos 4.41.0 2009.05.08 -
Sunbelt 3.2.1858.2 2009.05.08 -
Symantec 1.4.4.12 2009.05.08 -
TheHacker 6.3.4.1.321 2009.05.07 -
TrendMicro 8.950.0.1092 2009.05.07 -
VBA32 3.12.10.4 2009.05.07 -
ViRobot 2009.5.8.1724 2009.05.08 -
VirusBuster 4.6.5.0 2009.05.07 -
Rozšiřující informace
Tamano archivo: 962560 bytes
MD5...: d7d6e683aec35e6aa664738e339c4e9f
SHA1..: 58d19ef289e94b6f1982240a2816ebe1faa6ef61
SHA256: 89f6b578fa3d3e205aff6647725efc671050116a272a5cd5e52897253d4d94b0
SHA512: f762f21906a7a7a13e8f68aa54468d7b40912c696d22b526b4d8bcd2e23ddd8a
8a14733286f87e2dc82bc64d9a986a2548adc1c0e9f6395e5dbfe6809627c044
ssdeep: 12288:uqhDRTH69wkTndh/DF1LuIREbh6XOlreOuCnq6pNxq+CRT+0VvjmtP0wDe
gB:JhDZ4TTdpJNibiOlqPIpNxx0+05Y5
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2ef001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x279000 0xd4800 8.00 16376867f8b2024223871596345cd6b9
DATA 0x27a000 0x9000 0x5000 7.97 7d0f3046e92c174013ef14439ebe5e8f
BSS 0x283000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x28b000 0x4000 0x1400 7.92 3d5a571456e4cf19da10181fdcc6d541
.tls 0x28f000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x290000 0x1000 0x200 0.35 19baf0a122d539a92940bb1668243167
.reloc 0x291000 0x1f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2b0000 0x3f000 0xa600 7.73 c84d9722fa0e983c4f4a82d2a343779a
.aspack 0x2ef000 0x6000 0x5800 6.01 bece1e5638fae2624feb319e6cf864f3
.adata 0x2f5000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 27 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: SysFreeString
> advapi32.dll: RegSetValueExA
> version.dll: VerQueryValueW
> gdi32.dll: UnrealizeObject
> user32.dll: CreateWindowExW
> ole32.dll: IsEqualGUID
> oleaut32.dll: SafeArrayPtrOfIndex
> ole32.dll: CreateStreamOnHGlobal
> oleaut32.dll: GetErrorInfo
> comctl32.dll: ImageList_SetIconSize
> winspool.drv: OpenPrinterA
> shell32.dll: ShellExecuteW
> shell32.dll: SHGetSpecialFolderLocation
> comdlg32.dll: ChooseFontA
> winmm.dll: waveOutSetVolume
> ddraw.dll: DirectDrawCreate
> quartz.dll: AMGetErrorTextA
> wsock32.dll: inet_addr
> oledlg.dll: OleUIObjectPropertiesA
> shell32.dll: DragFinish
> shell32.dll: SHBrowseForFolderW
> advapi32.dll: StartServiceA
> wsock32.dll: inet_ntoa
> ole32.dll: CoCreateGuid
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx ... 8e339c4e9f
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
Současný stav: Dokončeno
Výsledek: 0/40 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.05.08 -
AhnLab-V3 5.0.0.2 2009.05.07 -
AntiVir 7.9.0.160 2009.05.07 -
Antiy-AVL 2.0.3.1 2009.05.07 -
Authentium 5.1.2.4 2009.05.07 -
Avast 4.8.1335.0 2009.05.07 -
AVG 8.5.0.327 2009.05.07 -
BitDefender 7.2 2009.05.08 -
CAT-QuickHeal 10.00 2009.05.06 -
ClamAV 0.94.1 2009.05.08 -
Comodo 1154 2009.05.06 -
DrWeb 5.0.0.12182 2009.05.08 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6495 2009.05.08 -
F-Prot 4.4.4.56 2009.05.07 -
F-Secure 8.0.14470.0 2009.05.08 -
Fortinet 3.117.0.0 2009.05.07 -
GData 19 2009.05.08 -
Ikarus T3.1.1.49.0 2009.05.08 -
K7AntiVirus 7.10.728 2009.05.07 -
Kaspersky 7.0.0.125 2009.05.08 -
McAfee 5608 2009.05.07 -
McAfee+Artemis 5608 2009.05.07 -
McAfee-GW-Edition 6.7.6 2009.05.08 -
Microsoft 1.4602 2009.05.07 -
NOD32 4061 2009.05.07 -
Norman 6.01.05 2009.05.07 -
nProtect 2009.1.8.0 2009.05.08 -
Panda 10.0.0.14 2009.05.07 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.08 -
Rising 21.28.32.00 2009.05.07 -
Sophos 4.41.0 2009.05.08 -
Sunbelt 3.2.1858.2 2009.05.08 -
Symantec 1.4.4.12 2009.05.08 -
TheHacker 6.3.4.1.321 2009.05.07 -
TrendMicro 8.950.0.1092 2009.05.07 -
VBA32 3.12.10.4 2009.05.07 -
ViRobot 2009.5.8.1724 2009.05.08 -
VirusBuster 4.6.5.0 2009.05.07 -
Rozšiřující informace
Tamano archivo: 962560 bytes
MD5...: d7d6e683aec35e6aa664738e339c4e9f
SHA1..: 58d19ef289e94b6f1982240a2816ebe1faa6ef61
SHA256: 89f6b578fa3d3e205aff6647725efc671050116a272a5cd5e52897253d4d94b0
SHA512: f762f21906a7a7a13e8f68aa54468d7b40912c696d22b526b4d8bcd2e23ddd8a
8a14733286f87e2dc82bc64d9a986a2548adc1c0e9f6395e5dbfe6809627c044
ssdeep: 12288:uqhDRTH69wkTndh/DF1LuIREbh6XOlreOuCnq6pNxq+CRT+0VvjmtP0wDe
gB:JhDZ4TTdpJNibiOlqPIpNxx0+05Y5
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2ef001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x279000 0xd4800 8.00 16376867f8b2024223871596345cd6b9
DATA 0x27a000 0x9000 0x5000 7.97 7d0f3046e92c174013ef14439ebe5e8f
BSS 0x283000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x28b000 0x4000 0x1400 7.92 3d5a571456e4cf19da10181fdcc6d541
.tls 0x28f000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x290000 0x1000 0x200 0.35 19baf0a122d539a92940bb1668243167
.reloc 0x291000 0x1f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2b0000 0x3f000 0xa600 7.73 c84d9722fa0e983c4f4a82d2a343779a
.aspack 0x2ef000 0x6000 0x5800 6.01 bece1e5638fae2624feb319e6cf864f3
.adata 0x2f5000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 27 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: SysFreeString
> advapi32.dll: RegSetValueExA
> version.dll: VerQueryValueW
> gdi32.dll: UnrealizeObject
> user32.dll: CreateWindowExW
> ole32.dll: IsEqualGUID
> oleaut32.dll: SafeArrayPtrOfIndex
> ole32.dll: CreateStreamOnHGlobal
> oleaut32.dll: GetErrorInfo
> comctl32.dll: ImageList_SetIconSize
> winspool.drv: OpenPrinterA
> shell32.dll: ShellExecuteW
> shell32.dll: SHGetSpecialFolderLocation
> comdlg32.dll: ChooseFontA
> winmm.dll: waveOutSetVolume
> ddraw.dll: DirectDrawCreate
> quartz.dll: AMGetErrorTextA
> wsock32.dll: inet_addr
> oledlg.dll: OleUIObjectPropertiesA
> shell32.dll: DragFinish
> shell32.dll: SHBrowseForFolderW
> advapi32.dll: StartServiceA
> wsock32.dll: inet_ntoa
> ole32.dll: CoCreateGuid
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx ... 8e339c4e9f
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
Re: prosím o kontrolu
Soubor unbndico.exe přijatý 2009.05.14 22:13:36 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 46 a 66 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.05.14 -
AhnLab-V3 5.0.0.2 2009.05.14 -
AntiVir 7.9.0.166 2009.05.14 -
Antiy-AVL 2.0.3.1 2009.05.14 -
Authentium 5.1.2.4 2009.05.14 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.14 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.14 -
ClamAV 0.94.1 2009.05.14 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.14 -
eSafe 7.0.17.0 2009.05.14 -
eTrust-Vet 31.6.6505 2009.05.14 -
F-Prot 4.4.4.56 2009.05.14 -
F-Secure 8.0.14470.0 2009.05.14 -
Fortinet 3.117.0.0 2009.05.14 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.14 -
K7AntiVirus 7.10.735 2009.05.14 -
Kaspersky 7.0.0.125 2009.05.14 -
McAfee 5615 2009.05.14 -
McAfee+Artemis 5615 2009.05.14 -
McAfee-GW-Edition 6.7.6 2009.05.14 -
Microsoft 1.4602 2009.05.14 -
NOD32 4076 2009.05.14 -
Norman 6.01.05 2009.05.14 -
nProtect 2009.1.8.0 2009.05.14 -
Panda 10.0.0.14 2009.05.14 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.34.00 2009.05.14 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.14 -
Symantec 1.4.4.12 2009.05.14 -
TheHacker 6.3.4.1.326 2009.05.14 -
TrendMicro 8.950.0.1092 2009.05.14 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.14.1735 2009.05.14 -
VirusBuster 4.6.5.0 2009.05.14 -
Rozšiřující informace
File size: 23040 bytes
MD5...: ed63ae25e371f46fd7fafd91eccc53aa
SHA1..: 75041b0ef3b7a6bef02b903966c6c8273438c829
SHA256: f5e69ff2cb632738c0712152d5e615bcae404f13dccb810c1ce1d0bad4dca939
SHA512: 1567e44b14ecef3890364f453fdc81210740d82d7c73f54fbea073c245f2bca5
f7eb9028b3376649be5c6e6812122d4f8d5696e2c12d7909a0f91c9ebc5382ab
ssdeep: 192:gRbKKDKeUKD9gCms2KDN63TAGeKDh4VV:gpKKDKLKDaC12KDNIeKDh4b
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x3f73200f (Thu Sep 25 17:04:15 2003)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10 0x200 0.21 8a19527026a849d64688e24dbeedb712
.rsrc 0x2000 0x53b0 0x5400 3.91 a2dcd72710a2e09c605a5c428d0830b7
( 0 imports )
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 46 a 66 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.05.14 -
AhnLab-V3 5.0.0.2 2009.05.14 -
AntiVir 7.9.0.166 2009.05.14 -
Antiy-AVL 2.0.3.1 2009.05.14 -
Authentium 5.1.2.4 2009.05.14 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.14 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.14 -
ClamAV 0.94.1 2009.05.14 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.14 -
eSafe 7.0.17.0 2009.05.14 -
eTrust-Vet 31.6.6505 2009.05.14 -
F-Prot 4.4.4.56 2009.05.14 -
F-Secure 8.0.14470.0 2009.05.14 -
Fortinet 3.117.0.0 2009.05.14 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.14 -
K7AntiVirus 7.10.735 2009.05.14 -
Kaspersky 7.0.0.125 2009.05.14 -
McAfee 5615 2009.05.14 -
McAfee+Artemis 5615 2009.05.14 -
McAfee-GW-Edition 6.7.6 2009.05.14 -
Microsoft 1.4602 2009.05.14 -
NOD32 4076 2009.05.14 -
Norman 6.01.05 2009.05.14 -
nProtect 2009.1.8.0 2009.05.14 -
Panda 10.0.0.14 2009.05.14 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.34.00 2009.05.14 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.14 -
Symantec 1.4.4.12 2009.05.14 -
TheHacker 6.3.4.1.326 2009.05.14 -
TrendMicro 8.950.0.1092 2009.05.14 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.14.1735 2009.05.14 -
VirusBuster 4.6.5.0 2009.05.14 -
Rozšiřující informace
File size: 23040 bytes
MD5...: ed63ae25e371f46fd7fafd91eccc53aa
SHA1..: 75041b0ef3b7a6bef02b903966c6c8273438c829
SHA256: f5e69ff2cb632738c0712152d5e615bcae404f13dccb810c1ce1d0bad4dca939
SHA512: 1567e44b14ecef3890364f453fdc81210740d82d7c73f54fbea073c245f2bca5
f7eb9028b3376649be5c6e6812122d4f8d5696e2c12d7909a0f91c9ebc5382ab
ssdeep: 192:gRbKKDKeUKD9gCms2KDN63TAGeKDh4VV:gpKKDKLKDaC12KDNIeKDh4b
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x3f73200f (Thu Sep 25 17:04:15 2003)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10 0x200 0.21 8a19527026a849d64688e24dbeedb712
.rsrc 0x2000 0x53b0 0x5400 3.91 a2dcd72710a2e09c605a5c428d0830b7
( 0 imports )
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 111 hostů