SPyware alert

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

dastin
Level 1
Posts: 51
Registered: October 08
Gender: Unspecified
Status: Offline

SPyware alert

Post by dastin » 14 Nov 2009 13:44

viewtopic.php?f=47&t=46783&p=319944#p319944

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:05, on 14.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\lsf2f4f5.exe
D:\Program files\QIP\qip.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Steam] "D:\Hry\FM 10\Steam.exe" -silent
O4 - HKCU\..\Run: [lsf2f4f5.exe] C:\WINDOWS\system32\lsf2f4f5.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9d246f258506c) (gupdate1c9d246f258506c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe



Please check this ..
--
End of file - 9074 bytes

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: SPyware alert

Post by pitimir » 14 Nov 2009 14:08

Hi.

Download DDS. Save it to the desktop, close all running programs and run it. When the scan finishes, the results open in 2 windows - DDS.txt and Attach.txt. I would like to see the contents of both.
I don't like amateurism...

And the recipient of the message knows it :)


Re: SPyware alert

Post by dastin » 14 Nov 2009 14:18

Hi, DDS can't be downloaded from that link and I haven't found it anywhere else.


Re: SPyware alert

Post by pitimir » 14 Nov 2009 15:31

I don't like amateurism...

And the recipient of the message knows it :)


Re: SPyware alert

Post by dastin » 14 Nov 2009 15:38

Yep, that one works :) ..

DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Petr at 15:37:38,48 on so 14.11.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.641 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 091114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\lsf2f4f5.exe
C:\Documents and Settings\Petr\Dokumenty\Stažené soubory\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bsplayer-search.com/startpage
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
mWinlogon: UIHost=%SystemRoot%\system32\logonui.exe
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\windows\WebIE.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\windows\WebIE.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [OEXPRESS] c:\windows\OETRN.EXE
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
uRun: [Steam] "d:\hry\fm 10\Steam.exe" -silent
uRun: [lsf2f4f5.exe] c:\windows\system32\lsf2f4f5.exe
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\petr\dataap~1\mozilla\firefox\profiles\twkc5eow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\documents and settings\petr\data aplikacă­\mozilla\firefox\profiles\twkc5eow.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2009-1-15 3100776]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-2 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-10-16 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-2 20560]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-12-5 222456]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 gupdate1c9d246f258506c;Služba Google Update (gupdate1c9d246f258506c);c:\program files\google\update\GoogleUpdate.exe [2009-5-11 133104]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

=============== Created Last 30 ================

2009-12-28 20:23:07 12611 ----a-w- c:\windows\1az5addwa952751.cpl
2009-12-27 05:55:06 12093 ----a-w- c:\windows\z3245tr9j62c.dll
2009-12-25 20:36:33 12089 ----a-w- c:\windows\59a5spazse670.bin
2009-12-24 04:27:50 11700 ----a-w- c:\windows\151zhacktoo957b.ocx
2009-12-24 03:27:28 14683 ----a-w- c:\windows\18523spambotz9a.bin
2009-12-22 02:40:03 6285 ----a-w- c:\windows\system32\15369vizus2e05.exe
2009-12-21 16:16:15 15735 ----a-w- c:\windows\system32\20080worz9e25.bin
2009-12-18 09:29:10 12387 ----a-w- c:\windows\system32\3d589iz724.bin
2009-12-16 09:09:33 9460 ----a-w- c:\windows\system32\59e3zackdoor29955.ocx
2009-12-16 02:21:33 4808 ----a-w- c:\windows\system32\9947h9cktzo581.ocx
2009-12-15 15:16:19 10809 ----a-w- c:\windows\3c19sz5ware872.exe
2009-12-14 23:33:39 7506 ----a-w- c:\windows\system32\388d59eal6z4.bin
2009-12-14 14:41:49 11935 ----a-w- c:\windows\78zebac5door9434.bin
2009-12-14 06:39:54 7206 ----a-w- c:\windows\system32\ez9addwar5395.ocx
2009-12-13 23:36:28 10177 ----a-w- c:\windows\system32\94z8spa5bot479.cpl
2009-12-12 01:08:53 8604 ----a-w- c:\windows\system32\2789n9t-z-v5ruse0.exe
2009-12-11 19:36:15 4018 ----a-w- c:\windows\system32\6315tr9j2z7.cpl
2009-12-11 13:15:08 14109 ----a-w- c:\windows\system32\6z54worm6e69.dll
2009-12-11 12:53:01 18206 ----a-w- c:\windows\system32\5b85spa9ze2602.dll
2009-12-09 16:36:33 5874 ----a-w- c:\windows\system32\75f9thzeat6052.exe
2009-12-09 05:23:49 4090 ----a-w- c:\windows\system32\4a705hizf1597.ocx
2009-12-05 21:10:10 3476 ----a-w- c:\windows\9af9vir36z5.cpl
2009-12-04 23:52:31 14237 ----a-w- c:\windows\946abackzoor757.exe
2009-12-04 09:43:38 5605 ----a-w- c:\windows\system32\b4fbackd5or69z9.bin
2009-12-03 22:39:40 5441 ----a-w- c:\windows\5129wzrm401.dll
2009-12-03 21:10:41 12923 ----a-w- c:\windows\45c8th9ef273z.cpl
2009-12-02 23:14:16 9684 ----a-w- c:\windows\99z9s5y1c5.bin
2009-11-27 01:43:07 4683 ----a-w- c:\windows\1f56thie92623z.exe
2009-11-26 07:07:50 11509 ----a-w- c:\windows\system32\213z2spa9botd55.cpl
2009-11-26 05:01:40 3827 ----a-w- c:\windows\79d4downlozder5493.cpl
2009-11-25 20:55:57 4003 ----a-w- c:\windows\1c9dspywarz511.cpl
2009-11-23 18:42:07 7993 ----a-w- c:\windows\system32\21ezsp9ware5023.exe
2009-11-22 23:52:45 2698 ----a-w- c:\windows\15955spyza4.dll
2009-11-22 04:37:52 11814 ----a-w- c:\windows\z893spy5885.dll
2009-11-21 22:20:10 4678 ----a-w- c:\windows\5880spywz5e991.exe
2009-11-21 12:15:23 11840 ----a-w- c:\windows\3005659ambot3zb.bin
2009-11-20 14:35:32 17767 ----a-w- c:\windows\system32\280zthre5t92222.ocx
2009-11-18 21:19:42 5425 ----a-w- c:\windows\system32\271z3viru5793.dll
2009-11-18 20:08:40 2797 ----a-w- c:\windows\5915hzckto5l5f4.dll
2009-11-18 04:02:45 4388 ----a-w- c:\windows\9515spy5za.bin
2009-11-17 09:20:34 17105 ----a-w- c:\windows\system32\79395py516z.ocx
2009-11-15 19:26:12 17611 ----a-w- c:\windows\system32\25647zpambot935.cpl
2009-11-14 21:52:27 18327 ----a-w- c:\windows\77z5vir962.dll
2009-11-14 12:34:19 0 d-----w- c:\program files\Trend Micro
2009-11-14 01:02:58 14310 ----a-w- c:\windows\system32\z59589roj418.cpl
2009-11-13 23:30:35 18320 ----a-w- c:\windows\15116sp9mbzt150.ocx
2009-11-13 20:54:17 15564 ----a-w- c:\windows\system32\66a9bac95oor1123z.exe
2009-11-13 12:24:45 5837 ----a-w- c:\windows\529cstzal2035.exe
2009-11-12 14:43:14 12954 ----a-w- c:\windows\483zpamb9t585.ocx
2009-11-10 08:58:34 16291 ----a-w- c:\windows\18987vi5usz189.cpl
2009-11-08 02:15:58 12457 ----a-w- c:\windows\7b19zackdoor1545.bin
2009-11-07 19:38:37 10362 ----a-w- c:\windows\system32\5725s95al299z.exe
2009-11-07 03:50:50 7950 ----a-w- c:\windows\system32\dfbazdwar520879.exe
2009-11-05 18:44:27 7868 ----a-w- c:\windows\791est5a960z.exe
2009-11-05 06:29:21 10538 ----a-w- c:\windows\system32\2958thzef1894.ocx
2009-11-04 06:46:51 12640 ----a-w- c:\windows\z9740not-a-vir5s3409.bin
2009-11-03 10:18:39 15538 ----a-w- c:\windows\system32\5de9vi9128z5.cpl
2009-10-28 04:05:15 6011 ----a-w- c:\windows\system32\52z5ha9ktool22e.exe
2009-10-28 00:44:48 18160 ----a-w- c:\windows\6dd0v5r904z.ocx
2009-10-27 15:40:00 17382 ----a-w- c:\windows\system32\27601zp95da5.dll
2009-10-27 10:51:23 17651 ----a-w- c:\windows\1b599zd5are2802.cpl
2009-10-26 11:54:31 4040 ----a-w- c:\windows\54499hreat32290z.cpl
2009-10-26 06:18:53 3963 ----a-w- c:\windows\57118spzm9ot292.bin
2009-10-25 10:37:08 11377 ----a-w- c:\windows\5754spaz9e1717.cpl
2009-10-24 23:46:56 8359 ----a-w- c:\windows\9z49vir5665.ocx
2009-10-24 12:15:28 9045 ----a-w- c:\windows\465zvir994.cpl
2009-10-16 10:06:27 54156 ---ha-w- c:\windows\QTFont.qfn
2009-10-16 10:06:27 1409 ----a-w- c:\windows\QTFont.for
2009-10-16 09:27:05 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-16 09:27:05 0 d-----w- c:\docume~1\alluse~1\dataap~1\Spybot - Search & Destroy
2009-10-16 09:26:44 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-16 09:26:44 0 d-----w- c:\docume~1\petr\dataap~1\Spyware Terminator
2009-10-16 09:26:40 0 d-----w- c:\program files\Spyware Terminator
2009-10-16 09:26:40 0 d-----w- c:\docume~1\alluse~1\dataap~1\Spyware Terminator

==================== Find3M ====================

2009-11-10 13:27:40 78030 ----a-w- c:\windows\system32\perfc005.dat
2009-11-10 13:27:40 429018 ----a-w- c:\windows\system32\perfh005.dat
2009-10-12 19:49:42 10003 ----a-w- c:\windows\9853virus9c7z.bin
2009-10-12 06:03:28 6441 ----a-w- c:\windows\system32\4605a5dwarz4959.dll
2009-10-10 01:30:10 4129 ----a-w- c:\windows\system32\260379acktooz7955.bin
2009-10-08 14:12:38 8146 ----a-w- c:\windows\system32\26719spa5b9t7d4z.dll
2009-10-08 06:41:36 11783 ----a-w- c:\windows\system32\179bt5ief31z7.dll
2009-10-07 09:46:51 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-10-05 08:10:05 14274 ----a-w- c:\windows\9660wormc5z.dll
2009-10-02 21:42:26 14104 ----a-w- c:\windows\system32\65cazackdoo91489.exe
2009-09-28 00:09:49 18344 ----a-w- c:\windows\22689ha5ktool7dbz.dll
2009-09-27 07:23:26 3030 ----a-w- c:\windows\system32\6322spzmbot950.dll
2009-09-26 13:32:44 10579 ----a-w- c:\windows\system32\99927virus7z5.bin
2009-09-26 10:59:16 9756 ----a-w- c:\windows\592bspzware103.exe
2009-09-22 22:23:32 6351 ----a-w- c:\windows\system32\f19spzrse115.exe
2009-09-21 20:01:42 8313 ----a-w- c:\windows\592eth5eaz7032.exe
2009-09-21 17:09:41 17888 ----a-w- c:\windows\system32\795et5ie9z2.exe
2009-09-18 05:53:35 4570 ----a-w- c:\windows\system32\7339sparze659.dll
2009-09-17 12:44:06 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-17 12:44:06 249856 ------w- c:\windows\Setup1.exe
2009-09-16 19:55:15 7855 ----a-w- c:\windows\system32\2z95virus5c9.bin
2009-09-16 13:44:37 16229 ----a-w- c:\windows\system32\25951not-a-zi9us35a.dll
2009-09-16 02:38:52 6071 ----a-w- c:\windows\system32\z2499spa59ot29a.dll
2009-09-15 09:34:01 12275 ----a-w- c:\windows\system32\zefcs5ea91364.dll
2009-09-13 00:09:10 4892 ----a-w- c:\windows\system32\28988viruz501.exe
2009-09-11 22:40:21 4920 ----a-w- c:\windows\304et5rea91z335.exe
2009-09-11 14:35:41 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 13:23:50 8523 ----a-w- c:\windows\179165izus42d.dll
2009-09-07 23:57:47 3075 ----a-w- c:\windows\15azsteal1933.bin
2009-09-05 05:11:05 10319 ----a-w- c:\windows\1bcaazdware96265.exe
2009-09-05 04:32:14 13820 ----a-w- c:\windows\system32\2e5fsparsz1594.dll
2009-09-04 20:47:46 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 09:14:08 9210 ----a-w- c:\windows\881down5zade9974.bin
2009-09-04 00:17:15 15145 ----a-w- c:\windows\2442nzt-a-vi9us5e7.bin
2009-09-01 18:55:51 9685 ----a-w- c:\windows\672fa9dwar511z2.bin
2009-08-27 22:35:27 9199 ----a-w- c:\windows\1290vir29z5.exe
2009-08-27 17:01:05 9230 ----a-w- c:\windows\18194hacktozl350.exe
2009-08-26 11:48:46 8976 ----a-w- c:\windows\34e4spa95e30z0.dll
2009-08-26 08:16:32 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 10:51:57 10104 ----a-w- c:\windows\system32\1996addwaze2156.dll
2009-08-20 17:17:17 3298 ----a-w- c:\windows\25819virusza0.dll
2009-08-19 17:08:07 4912 ----a-w- c:\windows\5454worm498z.dll
2009-08-18 17:42:07 16688 ----a-w- c:\windows\system32\7191thr5at2686z.dll
2009-08-16 22:59:51 12728 ----a-w- c:\windows\6517zddw5re14289.exe

============= FINISH: 15:38:08,01 ===============


Re: SPyware alert

Post by dastin » 14 Nov 2009 15:39

attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1.12.2008 14:47:41
System Uptime: 14.11.2009 10:24:56 (5 hours ago)

Motherboard: Foxconn | | G31MV/G31MV-K
Processor: Procesor Intel Pentium III Xeon | Socket 775 | 2499/200mhz
Processor: Procesor Intel Pentium III Xeon | Socket 775 | 2499/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 0,993 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 2,198 GiB free.
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP375: 4.11.2009 14:08:15 - Kontrolní bod systému
RP376: 5.11.2009 17:56:59 - Kontrolní bod systému
RP377: 7.11.2009 12:00:05 - Kontrolní bod systému
RP378: 8.11.2009 20:59:22 - Kontrolní bod systému
RP379: 10.11.2009 16:00:56 - Kontrolní bod systému
RP380: 11.11.2009 10:08:26 - Software Distribution Service 3.0
RP381: 13.11.2009 12:59:02 - Kontrolní bod systému
RP382: 13.11.2009 23:05:08 - Spyware Terminator - restore point

==== Installed Programs ======================

Čeština do Daemon tools 4.08HE
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8 - Czech
Advanced SystemCare 3
Aktualizace systému Windows XP (KB894391)
Aktualizace systému Windows XP (KB898461)
Aktualizace systému Windows XP (KB908531)
Aktualizace systému Windows XP (KB910437)
Aktualizace systému Windows XP (KB916595)
Aktualizace systému Windows XP (KB920872)
Aktualizace systému Windows XP (KB922582)
Aktualizace systému Windows XP (KB925720)
Aktualizace systému Windows XP (KB930916)
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows XP (KB890046)
Aktualizace zabezpečení systému Windows XP (KB896358)
Aktualizace zabezpečení systému Windows XP (KB896428)
Aktualizace zabezpečení systému Windows XP (KB900725)
Aktualizace zabezpečení systému Windows XP (KB901214)
Aktualizace zabezpečení systému Windows XP (KB902400)
Aktualizace zabezpečení systému Windows XP (KB905414)
Aktualizace zabezpečení systému Windows XP (KB905749)
Aktualizace zabezpečení systému Windows XP (KB908519)
Aktualizace zabezpečení systému Windows XP (KB913580)
Aktualizace zabezpečení systému Windows XP (KB914388)
Aktualizace zabezpečení systému Windows XP (KB914389)
Aktualizace zabezpečení systému Windows XP (KB918118)
Aktualizace zabezpečení systému Windows XP (KB918439)
Aktualizace zabezpečení systému Windows XP (KB920213)
Aktualizace zabezpečení systému Windows XP (KB920670)
Aktualizace zabezpečení systému Windows XP (KB920683)
Aktualizace zabezpečení systému Windows XP (KB923191)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB923789)
Aktualizace zabezpečení systému Windows XP (KB925902)
Aktualizace zabezpečení systému Windows XP (KB926255)
Aktualizace zabezpečení systému Windows XP (KB926436)
Aktualizace zabezpečení systému Windows XP (KB929123)
Aktualizace zabezpečení systému Windows XP (KB930178)
Aktualizace zabezpečení systému Windows XP (KB932168)
Aktualizace zabezpečení systému Windows XP (KB935839)
Aktualizace zabezpečení systému Windows XP (KB935840)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB943055)
Aktualizace zabezpečení systému Windows XP (KB943485)
Aktualizace zabezpečení systému Windows XP (KB944338-v2)
Aktualizace zabezpečení systému Windows XP (KB944653)
Aktualizace zabezpečení systému Windows XP (KB945553)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950749)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958470)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958690)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960715)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371)
Aktualizace zabezpečení systému Windows XP (KB961373)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969898)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Apple Software Update
ArcSoft PhotoStudio 5.5
µTorrent
AutoUpdate
avast! Antivirus
BS.Player ControlBar
BS.Player FREE
Call of Duty(R) 4 - Modern Warfare(TM)
Canon MP Navigator 3.0
Canon MP160
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
Counter-Strike 1.6
Czech Soccer Manager 2002 Final Edition
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Donar Player
DVD Shrink 3.2
DVDFab Platinum 3.1.7.6
Easy-WebPrint
EXPERTool
Fair Strike
FastStone Capture 5.3
FIFA 09
FIFA 10
Football Manager 2009
Football Manager 2010
free-downloads.net Toolbar
Google Earth
Google Chrome
Google Update Helper
Google Updater
H.264 Decoder
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954550-v5)
ICQ Toolbar
ICQ6.5
Imperial Glory
JannieBall
Java(TM) 6 Update 13
Kodek 0.16 CZ
KShutdown
Light Artist 1.4
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Need for Speed™ Undercover
Nero 7 Essentials
Nero Suite
NHL® 09
NVIDIA Drivers
Officers
Ogg Vorbis ACM Codec
OpenOffice.org 3.0
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows XP (KB935448)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP číslo KB886185
Oprava Hotfix systému Windows XP číslo KB888302
Oprava Hotfix systému Windows XP číslo KB890859
Oprava Hotfix systému Windows XP číslo KB891781
PC Translator
PhotoFilter 1.0
PowerDVD
QIP 2005 8090
QIP Infium JadrisPack 2.4.3 (9030)
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registrace uživatele zařízení Canon MP160
Skype™ 3.8
Smart Defrag 1.11
Soldier of Fortune Payback
Soldier of Fortune: Payback SK (beta)
Spybot - Search & Destroy
Spyware Terminator
Steam
Total Commander (Remove or Repair)
Total Immersion Racing
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Virtual DJ - Atomix Productions
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR

==== End Of File ===========================

pitimir

Re: SPyware alert

Post by pitimir » 14 Nov 2009 15:44

Nice...

Download ComboFix - DO NOT RUN IT.

Move the CF icon to the desktop, close all open applications, as well as the resident antivirus, antispyware and firewall protection, and open Notepad. Copy the following into it:

KillAll::
DDS::
uStart Page = hxxp://www.bsplayer-search.com/startpage
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [lsf2f4f5.exe] c:\windows\system32\lsf2f4f5.exe
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab

Folder::
c:\program files\icq6toolbar

FireFox::
FF - ProfilePath - c:\docume~1\petr\dataap~1\mozilla\firefox\profiles\twkc5eow.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

Driver::
ICQ Service

Extra::

Replicator::

StepDel::

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.


Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...

And the one this message is addressed to knows it :)

dastin

Re: SPyware alert

Post by dastin » 14 Nov 2009 16:18

Log from ComboFix

ComboFix 09-11-14.03 - Petr 14.11.2009 15:59..2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.664 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 091114-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf
c:\program files\icq6toolbar\ICQToolBar.dll
c:\windows\system32\lsf2f4f5.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_TDSSSERV.SYS
-------\Service_ICQ Service
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2009-10-14 do 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-12-22 02:40 . 2009-12-22 02:40 6285 ----a-w- c:\windows\system32\15369vizus2e05.exe
2009-12-14 23:33 . 2009-12-14 23:33 7506 ----a-w- c:\windows\system32\388d59eal6z4.bin
2009-12-12 01:08 . 2009-12-12 01:08 8604 ----a-w- c:\windows\system32\2789n9t-z-v5ruse0.exe
2009-12-09 16:36 . 2009-12-09 16:36 5874 ----a-w- c:\windows\system32\75f9thzeat6052.exe
2009-12-04 09:43 . 2009-12-04 09:43 5605 ----a-w- c:\windows\system32\b4fbackd5or69z9.bin
2009-12-02 23:14 . 2009-12-02 23:14 9684 ----a-w- c:\windows\99z9s5y1c5.bin
2009-11-23 18:42 . 2009-11-23 18:42 7993 ----a-w- c:\windows\system32\21ezsp9ware5023.exe
2009-11-18 21:19 . 2009-11-18 21:19 5425 ----a-w- c:\windows\system32\271z3viru5793.dll
2009-11-18 04:02 . 2009-11-18 04:02 4388 ----a-w- c:\windows\9515spy5za.bin
2009-11-14 12:34 . 2009-11-14 12:34 -------- d-----w- c:\program files\Trend Micro
2009-11-07 03:50 . 2009-11-07 03:50 7950 ----a-w- c:\windows\system32\dfbazdwar520879.exe
2009-11-05 18:44 . 2009-11-05 18:44 7868 ----a-w- c:\windows\791est5a960z.exe
2009-10-28 04:05 . 2009-10-28 04:05 6011 ----a-w- c:\windows\system32\52z5ha9ktool22e.exe
2009-10-16 09:27 . 2009-10-16 09:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-16 09:26 . 2009-10-16 09:26 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-16 09:26 . 2009-11-13 22:11 -------- d-----w- c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 14:59 . 2008-12-05 15:53 -------- d-----w- c:\program files\ICQ6Toolbar
2009-11-14 07:18 . 2009-09-01 08:10 -------- d-----w- c:\program files\Total Immersion Racing
2009-11-13 17:54 . 2008-12-07 10:34 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2009-11-10 13:27 . 2004-08-18 12:00 78030 ----a-w- c:\windows\system32\perfc005.dat
2009-11-10 13:27 . 2004-08-18 12:00 429018 ----a-w- c:\windows\system32\perfh005.dat
2009-10-30 19:33 . 2009-01-24 19:18 -------- d-----w- c:\program files\Sports Interactive
2009-10-15 12:03 . 2009-08-08 10:07 -------- d-----w- c:\program files\Kodak
2009-10-15 11:48 . 2008-12-01 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 19:49 . 2009-10-12 19:49 10003 ----a-w- c:\windows\9853virus9c7z.bin
2009-10-12 06:03 . 2009-10-12 06:03 6441 ----a-w- c:\windows\system32\4605a5dwarz4959.dll
2009-10-10 01:30 . 2009-10-10 01:30 4129 ----a-w- c:\windows\system32\260379acktooz7955.bin
2009-10-08 14:12 . 2009-10-08 14:12 8146 ----a-w- c:\windows\system32\26719spa5b9t7d4z.dll
2009-10-08 06:41 . 2009-10-08 06:41 11783 ----a-w- c:\windows\system32\179bt5ief31z7.dll
2009-10-07 09:47 . 2009-10-07 09:46 -------- d-----w- c:\program files\Hamachi
2009-10-07 09:46 . 2009-10-07 09:46 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-10-02 21:42 . 2009-10-02 21:42 14104 ----a-w- c:\windows\system32\65cazackdoo91489.exe
2009-09-27 07:23 . 2009-09-27 07:23 3030 ----a-w- c:\windows\system32\6322spzmbot950.dll
2009-09-26 13:32 . 2009-09-26 13:32 10579 ----a-w- c:\windows\system32\99927virus7z5.bin
2009-09-22 22:23 . 2009-09-22 22:23 6351 ----a-w- c:\windows\system32\f19spzrse115.exe
2009-09-21 17:09 . 2009-09-21 17:09 17888 ----a-w- c:\windows\system32\795et5ie9z2.exe
2009-09-18 05:53 . 2009-09-18 05:53 4570 ----a-w- c:\windows\system32\7339sparze659.dll
2009-09-17 12:47 . 2009-09-17 12:43 -------- d-----w- c:\program files\JannieBall
2009-09-17 12:44 . 2009-09-17 12:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-17 12:44 . 2009-09-17 12:43 249856 ------w- c:\windows\Setup1.exe
2009-09-16 19:55 . 2009-09-16 19:55 7855 ----a-w- c:\windows\system32\2z95virus5c9.bin
2009-09-16 13:44 . 2009-09-16 13:44 16229 ----a-w- c:\windows\system32\25951not-a-zi9us35a.dll
2009-09-16 02:38 . 2009-09-16 02:38 6071 ----a-w- c:\windows\system32\z2499spa59ot29a.dll
2009-09-15 09:34 . 2009-09-15 09:34 12275 ----a-w- c:\windows\system32\zefcs5ea91364.dll
2009-09-13 00:09 . 2009-09-13 00:09 4892 ----a-w- c:\windows\system32\28988viruz501.exe
2009-09-11 14:35 . 2004-08-18 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:32 . 2009-09-05 04:32 13820 ----a-w- c:\windows\system32\2e5fsparsz1594.dll
2009-09-04 20:47 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 09:14 . 2009-09-04 09:14 9210 ----a-w- c:\windows\881down5zade9974.bin
2009-09-01 18:55 . 2009-09-01 18:55 9685 ----a-w- c:\windows\672fa9dwar511z2.bin
2009-08-26 08:16 . 2004-08-18 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 10:51 . 2009-08-21 10:51 10104 ----a-w- c:\windows\system32\1996addwaze2156.dll
2009-08-18 17:42 . 2009-08-18 17:42 16688 ----a-w- c:\windows\system32\7191thr5at2686z.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 05:47 1784856 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2008-12-02 26624]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-30 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-10-16 3055616]
"Steam"="d:\hry\FM 10\Steam.exe" [2009-10-30 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-16 2172416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Hry\\Soldier of Fortune\\sof3.exe"=
"d:\\Hry\\S.T.A.L.K.E.R. - Clear Sky\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\iw3mp.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\cstrike\\hltv.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Hry\\Fifa 10\\FIFA10.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\FM 10\\fm.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [15.1.2009 21:10 3100776]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.12.2008 16:26 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16.10.2009 10:26 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.12.2008 16:26 20560]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1c9d246f258506c;Služba Google Update (gupdate1c9d246f258506c);c:\program files\Google\Update\GoogleUpdate.exe [11.5.2009 15:44 133104]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Obsah adresáře 'Naplánované úlohy'

2009-11-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-30 16:48]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 14:44]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 14:44]

2009-10-18 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-27 16:15]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\twkc5eow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 16:09
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867671F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x867671f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-789336058-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\TrnOEH.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-11-14 16:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-14 15:18

Před spuštěním: 1 477 984 256
Po spuštění: 1 385 201 664

- - End Of File - - 7AFF864CF91A7B2333DA4803F2C6BEFE

dastin

Re: SPyware alert

Post by dastin » 14 Nov 2009 16:20

It looks like it's fine now ... Thanks a lot

pitimir

Re: SPyware alert

Post by pitimir » 14 Nov 2009 16:29

But there's still a mess left in there... just don't run off ;)

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall components, and open Notepad. Copy this into it:

Code:

http://pc-help.cz/viewtopic.php?f=70&t=46785

KillAll::
Collect::
c:\windows\system32\15369vizus2e05.exe
c:\windows\system32\388d59eal6z4.bin
c:\windows\system32\2789n9t-z-v5ruse0.exe
c:\windows\system32\75f9thzeat6052.exe
c:\windows\system32\b4fbackd5or69z9.bin
c:\windows\99z9s5y1c5.bin
c:\windows\system32\21ezsp9ware5023.exe
c:\windows\system32\271z3viru5793.dll
c:\windows\9515spy5za.bin
c:\windows\system32\dfbazdwar520879.exe
c:\windows\791est5a960z.exe
c:\windows\system32\52z5ha9ktool22e.exe
c:\windows\9853virus9c7z.bin
c:\windows\system32\4605a5dwarz4959.dll
c:\windows\system32\260379acktooz7955.bin
c:\windows\system32\26719spa5b9t7d4z.dll
c:\windows\system32\179bt5ief31z7.dll
c:\windows\system32\65cazackdoo91489.exe
c:\windows\system32\6322spzmbot950.dll
c:\windows\system32\99927virus7z5.bin
c:\windows\system32\f19spzrse115.exe
c:\windows\system32\795et5ie9z2.exe
c:\windows\system32\7339sparze659.dll
c:\windows\system32\2z95virus5c9.bin
c:\windows\system32\25951not-a-zi9us35a.dll
c:\windows\system32\z2499spa59ot29a.dll
c:\windows\system32\zefcs5ea91364.dll
c:\windows\system32\28988viruz501.exe
c:\windows\system32\2e5fsparsz1594.dll
c:\windows\system32\msasn1.dll
c:\windows\881down5zade9974.bin
c:\windows\672fa9dwar511z2.bin
c:\windows\system32\1996addwaze2156.dll
c:\windows\system32\7191thr5at2686z.dll

Folder::
c:\program files\ICQ6Toolbar

RegNull::
[HKEY_USERS\S-1-5-21-73586283-789336058-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Warning: If Windows does not boot after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...

And the recipient of this message knows it :)

