I would like to ask for help with a Trojan horse. When I turn on the PC, Symantec reports that it found a Trojan horse and put it in quarantine. I successfully delete it from quarantine, but when I turn on the PC the next day, it reports it again.
I am attaching the log from HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:41, on 24.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\rundll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\retadpu320.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Uživatel\Dokumenty\Stahování\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [system] rundll.exe
O4 - HKLM\..\RunServices: [system] rundll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF6B825-FDC3-4F94-8B1B-689C249DC3EE}: NameServer = 212.96.161.6,212.96.160.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Trojan horse
Follow this guide.
Use Avenger at least twice in a row and then post a new HJT log here.
Have this file checked on VirusTotal:
C:\WINDOWS\retadpu320.exe
To find it more easily, turn on "Show hidden and system files"
and copy the result here.
So I had the file C:\WINDOWS\retadpu320.exe checked, and here is the result:
AhnLab-V3 -no virus found
AntiVir -TR/Crypt.ULPM.Gen
Authentium -no virus found
Avast -Win32:Agent-HKJ
AVG -Downloader.Agent.NLE
BitDefender -no virus found
CAT-QuickHeal -(Suspicious) - DNAScan
ClamAV -no virus found
DrWeb -no virus found
eSafe -Win32.Agent.bls
eTrust-Vet -no virus found
Ewido -Downloader.Agent.bls
FileAdvisor -no virus found
Fortinet -W32/Agent.BLS!tr.dldr
F-Prot -no virus found
F-Secure -Trojan-Downloader.Win32.Agent.bls
Ikarus -Trojan-Downloader.Win32.Agent.bls
Kaspersky -Trojan-Downloader.Win32.Agent.bls
McAfee -Downloader-BCF
Microsoft -BrowserModifier:Win32/Matcash
NOD32v2 -a variant of Win32/TrojanDownloader.Agent.BLS
Norman -W32/Agent.BWZL
Panda -Suspicious file
Sophos -Mal/HckPk-D
Sunbelt -no virus found
Symantec -Downloader
TheHacker -Trojan/Downloader.Agent.bls
VBA32 -no virus found
VirusBuster -Trojan.DL.Agent.UJX
Webwasher-Gateway -Trojan.Crypt.ULPM.Gen
Interesting... after the first run of Avenger and a PC reset, Symantec reported nothing... nor after the second one... here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:39, on 24.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uživatel\Dokumenty\Stahování\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [system] rundll.exe
O4 - HKLM\..\RunServices: [system] rundll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF6B825-FDC3-4F94-8B1B-689C249DC3EE}: NameServer = 212.96.161.6,212.96.160.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Yes, that is all, as long as Symantec no longer reports anything.
If you want a proper antivirus, I recommend MWAV; it is the most thorough scanner I know.
Otherwise, I want to say that MWAV is not meant as a replacement for a normal antivirus, only for occasional scanning.
So I let MWAV run and, following the guide, I found this:
Wed Jul 25 10:01:27 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a2702f-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:01:27 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27032-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:01:27 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27034-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:10 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a2702d-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:10 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a2702e-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:10 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27031-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:10 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27033-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:10 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27036-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:11 2007 => Key found with NULL Character: HKLM\Software\Microsoft\Windows\CurrentVersion\System !!!
Wed Jul 25 10:02:11 2007 => Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:12 2007 => Offending Key found: HKCU\\ssubtimer6.ctimer !!!
Wed Jul 25 10:02:12 2007 => Objekt "mybugfreepc Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:12 2007 => Offending Key found: HKCU\\ssubtimer6.gsubclass !!!
Wed Jul 25 10:02:12 2007 => Objekt "mybugfreepc Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:12 2007 => Offending Key found: HKCU\\ssubtimer6.isubclass !!!
Wed Jul 25 10:02:12 2007 => Objekt "mybugfreepc Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:30 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:32 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Atari\TopSpin-Demo\". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:32 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Atari\". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:32 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\WINDOWS\winsxs\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:32 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\WINDOWS\winsxs\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:32 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\WINDOWS\winsxs\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 09:59:07 2007 => Scanning File C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\virus.avi
Wed Jul 25 10:02:33 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ccd". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:33 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".daa". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:33 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dff". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:33 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dir". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:33 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".txd". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:33 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:33 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{60DE4033-9503-48D1-A483-7846BD217CA9}". Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:02:36 2007 => Soubor C:\WINDOWS\retadpu569.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Agent.bls !! Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:03:55 2007 => Testování souboru C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\virus.avi
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\wr-1-569.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Small.eqn !! Provedené akce: Nic nebylo provedeno.
C:\DOCUME~1\UIVATE~1\LOCALS~1\TEMPOR~1\Content.IE5\012LDE67\retadpu[1].exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Agent.bls !! Provedené akce: Nic nebylo provedeno.
C:\DOCUME~1\UIVATE~1\LOCALS~1\TEMPOR~1\Content.IE5\MBS5WREP\retadpu[1].exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Agent.bls !! Provedené akce: Nic nebylo provedeno.
C:\DOCUME~1\UIVATE~1\LOCALS~1\TEMPOR~1\Content.IE5\MBS5WREP\wr-1-320[1].exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Small.eqn !! Provedené akce: Nic nebylo provedeno.
Wed Jul 25 10:04:55 2007 => Testovaných objektů: 31183
Wed Jul 25 10:04:55 2007 => Kritických objektů: 17
Wed Jul 25 10:04:55 2007 => Celkem vyléčených objektů: 0
Wed Jul 25 10:04:55 2007 => Celkem přejmenováno: 0
Wed Jul 25 10:04:55 2007 => Smazaných objektů: 0
Wed Jul 25 10:04:55 2007 => Celkem chyb: 16
Wed Jul 25 10:04:55 2007 => Uplynulý čas: 00:04:17
Wed Jul 25 10:04:55 2007 => Datum vydání databáze: 7/23/2007
Wed Jul 25 10:04:55 2007 => Verze virové databáze: 366732
Clean the PC with CCleaner.
And delete this file:
C:\WINDOWS\retadpu569.exe
If it can't be deleted, say so.
Then restart the PC.
After the restart, run MWAV again, click Clear log, then Update, and then Scan.
Then filter those lines again as described in the guide and copy the edited log here.
I read in that guide that MWAV should take an hour or more... but for me it takes around 3 minutes, is that possible??
Anyway, I let it run again after the cleaning... the result:
Thu Jul 26 10:39:11 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27032-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:11 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27034-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:12 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a2702d-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:12 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a2702e-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:12 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27031-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:12 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27033-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:12 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27036-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:13 2007 => Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Thu Jul 26 10:39:14 2007 => Offending Key found: HKCU\\ssubtimer6.ctimer !!!
Thu Jul 26 10:39:14 2007 => Objekt "mybugfreepc Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Thu Jul 26 10:39:14 2007 => Offending Key found: HKCU\\ssubtimer6.gsubclass !!!
Thu Jul 26 10:39:14 2007 => Objekt "mybugfreepc Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Thu Jul 26 10:39:14 2007 => Offending Key found: HKCU\\ssubtimer6.isubclass !!!
Thu Jul 26 10:39:14 2007 => Objekt "mybugfreepc Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Thu Jul 26 10:40:15 2007 => Testovaných objektů: 29151
Thu Jul 26 10:40:15 2007 => Kritických objektů: 11
Thu Jul 26 10:40:15 2007 => Celkem vyléčených objektů: 0
Thu Jul 26 10:40:15 2007 => Celkem přejmenováno: 0
Thu Jul 26 10:40:15 2007 => Smazaných objektů: 0
Thu Jul 26 10:40:15 2007 => Celkem chyb: 2
Thu Jul 26 10:40:15 2007 => Uplynulý čas: 00:01:26
Thu Jul 26 10:40:15 2007 => Datum vydání databáze: 7/26/2007
Thu Jul 26 10:40:15 2007 => Verze virové databáze: 367903
Enermax Liberty 500W, Intel Pentium D 2,8GHz, ASUS P5LD2, 4GB DDR2, Seagate 500GB, Sapphire Radeon X1650Pro
Those are leftovers in the registry; they are not dangerous in any way.
Try setting up MWAV according to this - http://www.viry.cz/forum/viewtopic.php?t=4097
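The before/after comparison done by eye on the two MWAV logs in this thread, as an added Python example (not part of the original posts and not a tool from the forum's guide): it classifies log lines into file detections, CLSID objects and offending registry keys, then reports which findings disappeared between the scans. The function names are hypothetical; the sample lines are shortened excerpts of the logs posted above.

```python
import re

# Shortened excerpts of the two scans posted in the thread (25 and 26 July 2007).
SCAN_BEFORE = r'''
Wed Jul 25 10:01:27 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27032-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Wed Jul 25 10:02:12 2007 => Offending Key found: HKCU\\ssubtimer6.ctimer !!!
Wed Jul 25 10:02:36 2007 => Soubor C:\WINDOWS\retadpu569.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Agent.bls !! Provedené akce: Nic nebylo provedeno.
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\wr-1-569.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan-Downloader.Win32.Small.eqn !! Provedené akce: Nic nebylo provedeno.
'''
SCAN_AFTER = r'''
Thu Jul 26 10:39:11 2007 => System found infected with mybugfreepc Corrupted Adware/Spyware ({71a27032-c7d8-11d2-bef8-525400dfb47a})! Action taken: Nic nebylo provedeno.
Thu Jul 26 10:39:14 2007 => Offending Key found: HKCU\\ssubtimer6.ctimer !!!
'''

def classify(line):
    """Return (kind, identifier, detection name) for a finding line, else None."""
    body = line.split(" => ", 1)[-1].strip()   # some lines carry no timestamp prefix
    m = re.match(r"(?:Soubor )?(.+?) je infikovaný virem (\S+)", body)
    if m:
        path = m.group(1).split("//", 1)[0]    # drop the unpacker chain (//PE_Patch...//UPX)
        return ("file", path.lower(), m.group(2))
    m = re.match(r"System found infected with (.+?) \((\{[0-9a-fA-F-]+\})\)", body)
    if m:
        return ("clsid", m.group(2).lower(), m.group(1))
    m = re.match(r"Offending Key found: (\S+)", body)
    if m:
        return ("regkey", m.group(1).lower(), "")
    return None                                # summaries, invalid-reference notes, etc.

def findings(log):
    """Set of distinct findings in one scan log."""
    return {f for f in map(classify, log.splitlines()) if f}

def compare(before, after):
    """Split findings into resolved, persisting and new between two scans."""
    b, a = findings(before), findings(after)
    return {"resolved": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare(SCAN_BEFORE, SCAN_AFTER).items():
        for kind, ident, name in items:
            print(f"{status:10} {kind:6} {ident} {name}")
```

On these excerpts the two file detections are reported as resolved, while the CLSID object and the registry key persist in the second scan.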