ComboFix 07-08-30.3 - "chriss" 2007-09-05 23:12:00.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.588 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))
2007-09-05 15:43 <DIR> d-a------ C:\WINDOWS.0\zts2.exe
2007-09-05 15:43 <DIR> d-a------ C:\WINDOWS.0\system32\vcmgcd32.dll
2007-09-05 15:43 <DIR> d-a------ C:\WINDOWS.0\system32\iifgfgf.dll
2007-09-05 15:43 <DIR> d-a------ C:\WINDOWS.0\rundll16.exe
2007-09-05 15:43 <DIR> d-a------ C:\WINDOWS.0\rundl132.dll
2007-09-05 15:43 <DIR> d-a------ C:\WINDOWS.0\logo1_.exe
2007-09-05 15:39 147,968 --a------ C:\WINDOWS.0\R.COM
2007-09-05 15:39 137,216 --a------ C:\WINDOWS.0\system32\T.COM
2007-09-05 15:05 182,912 --a------ C:\WINDOWS.0\system32\dllcache\ndis.sys
2007-09-05 14:39 51,200 --a------ C:\WINDOWS.0\nircmd.exe
2007-09-05 10:43 23 --ahs---- C:\WINDOWS.0\system32\bceebdcc9_r.dll
2007-09-05 10:43 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-09-05 10:15 23 --ahs---- C:\WINDOWS.0\system32\bceebdcc9_g.dll
2007-09-05 10:15 <DIR> d-------- C:\Program Files\RegSupreme
2007-09-04 23:24 <DIR> d-------- C:\Program Files\ClearProg
2007-09-04 21:13 138,624 --a------ C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
2007-09-04 21:09 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-09-04 21:09 <DIR> d-------- C:\Program Files\Crawler
2007-09-04 21:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-09-03 23:11 159,744 --a------ C:\WINDOWS.0\system32\hasher.dll
2007-09-03 23:11 <DIR> d-------- C:\Program Files\Trisnap Technologies
2007-09-03 11:28 146,208 --ahs---- C:\WINDOWS.0\system32\drivers\fidbox2.dat
2007-09-03 11:28 1,659,424 --ahs---- C:\WINDOWS.0\system32\drivers\fidbox.dat
2007-09-03 11:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-03 11:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Kaspersky Lab
2007-08-20 18:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-08-07 09:50 <DIR> d-------- C:\Program Files\Phoner
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-05 23:05 536216 --ahs---- C:\WINDOWS.0\system32\drivers\fidbox2.idx
2007-09-05 23:05 1604 --ahs---- C:\WINDOWS.0\system32\drivers\fidbox.idx
2007-07-25 09:24 76560 --a------ C:\WINDOWS.0\system32\drivers\tmcomm.sys
2007-07-25 08:26 --------- d-------- C:\Program Files\HJT
2007-07-16 22:32 77312 --a------ C:\WINDOWS.0\ua2.dll
2007-07-13 08:56 --------- d-------- C:\Program Files\Skype
2007-07-13 08:56 --------- d-------- C:\Program Files\Common Files\Skype
2004-03-16 20:21 475 --a------ C:\Program Files\INSTALL.LOG
2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2003-10-13 19:34 266 ---h----- C:\Program Files\desktop.ini
2003-10-13 19:34 11253 ---h----- C:\Program Files\folder.htt
2003-09-22 23:19 2095 --a------ C:\Program Files\uninstall.log
2000-08-09 14:26 3030 --a------ C:\Program Files\odbc.inf
((((((((((((((((((((((((((((( snapshot_2007-09-05_151305.00 )))))))))))))))))))))))))))))))))))))))))
------w 1,862,144 2007-08-31 08:16:02 C:\WINDOWS.0\Temp\CTun.exe
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS.0\erdnt\subs\F3M\ERDNT.EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WService"="WService.EXE" [2002-01-30 08:23 C:\WINDOWS.0\system32\WService.exe]
"AtiPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"mouseElf"="C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 10:41]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [2003-10-14 17:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-05 08:19]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 09:12]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe" [2004-11-25 12:59]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-11-30 14:02]
"WorldClock"="" []
"Omnipage"="D:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2003-07-14 16:37]
"Acrobat Assistant 8.0"="G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 18:09]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-04 21:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-18 00:49]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2004-11-24 12:29]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"WorldClock"="C:\Documents and Settings\chriss\Plocha\wclock30\wclock30.exe" [2006-10-29 14:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS.0\system32\Drivers\DgiVecp.sys
R2 SpPortEx;Samsung Port Exclusion;C:\WINDOWS.0\system32\Drivers\SpPortEx.sys
R3 AVMWAN;NDIS WAN CAPI Treiber;C:\WINDOWS.0\system32\DRIVERS\avmwan.sys
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS.0\system32\DRIVERS\gflmouhid.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS.0\system32\Drivers\p1c1394.sys
S2 Tablet2k;Serial Tablet Port Driver;"C:\WINDOWS.0\System32\Drivers\Tablet2k.sys"
S3 ati2mtaa;ati2mtaa;C:\WINDOWS.0\system32\DRIVERS\ati2mtaa.sys
S3 fxusbase;ISDN@2lines-Connector (WinXP/2000);C:\WINDOWS.0\system32\DRIVERS\fxusbase.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS.0\system32\DRIVERS\MSIRCOMM.sys
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;C:\WINDOWS.0\system32\DRIVERS\NETFRITZ.SYS
S3 ovt530;TM507A USB Camera;C:\WINDOWS.0\system32\Drivers\ov530vid.sys
S3 TClass2k;Tablet Class Driver;C:\WINDOWS.0\system32\DRIVERS\TClass2k.sys
S3 UCTblHid;HID Tablet Port Driver;C:\WINDOWS.0\system32\DRIVERS\UCTblHid.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 23:16:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-05 23:17:00
C:\ComboFix2.txt ... 2007-09-05 17:12
C:\ComboFix-quarantined-files.txt ... 2007-09-05 23:17
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:00, on 5.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\System32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.0\system32\WService.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\ICQ\ICQ.exe
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\chriss\Plocha\wclock30\wclock30.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS.0\System32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\explorer.exe
L:\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WorldClock] "C:\Documents and Settings\chriss\Plocha\wclock30\wclock30.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RemoteScan Server.lnk = C:\Program Files\RemoteScan Server\RemoteScanServer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Chinese Navigation - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS.0\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS.0\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/intdel.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0939995642
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.0\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS.0\System32\Drivers\WTSRV.EXE (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/chriss/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
--
End of file - 10377 bytes
Připojení v tahu, hledám pachatele
Všechno jsem provedl dle instrukcí. Začíná se to lepšit... Skype má připojení... akorát explorer se pokouší na portu 1900 někam připojovat a regedit se snaží přejmenovat na .bmp... kdyžtak mi poraďte, co mám na firewallu a tom Spyware Terminatoru povolovat a co zakazovat, abych nějak nesabotoval to Vaše úsilí.
Díky za pomoc!
Chriss
Toto je aktuální výpis z MWAV:
Thu Sep 06 12:05:23 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:05:23 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (moveex.exe)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:05:23 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:05:27 2007 => System found infected with zlob Trojan-Downloader (install.dat)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:04:53 2007 => ERROR!!! Invalid Entry "%SystemRoot%\System32\Drivers\WTSRV.EXE" in SYSTEM\CurrentControlSet\Services\WinTabService...
Thu Sep 06 12:05:19 2007 => System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:05:23 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (moveex.exe)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:05:23 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:05:27 2007 => System found infected with zlob Trojan-Downloader (install.dat)! Action taken: Nic nebylo provedeno.
Thu Sep 06 12:04:53 2007 => ERROR!!! Invalid Entry "%SystemRoot%\System32\Drivers\WTSRV.EXE" in SYSTEM\CurrentControlSet\Services\WinTabService...
Thu Sep 06 12:05:19 2007 => System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: Nic nebylo provedeno.
Díky za pomoc!
Chriss
Použij znovu Avenger a vlož do něj tento skript:
Folders to delete:
C:\Program Files\Crawler
C:\PROGRA~1\FLASHGET
Po restartu sem vlož log který ti vyběhne.
Ohledně připojení na internet zkus SREng:
Stáhni si SREng, rozbal ho do vlastní složky a spusť ho.
Klikni na System Repair a klikni na záložku Advanced Repair.
Poté klikni dole vlevo na tlačítko Winsock Reset. Objeví se ti hláška, že při této operaci nemáš prohlížet stránky, odesílat maily atd., tak klikni na OK.
Vyskočí ti další hláška kde odklikni Yes poté ti vyskočí další hláška kde odklikni OK a restartuj PC.
Poté řekni jestli máš (ještě) nějaké problémy s PC.
Folders to delete:
C:\Program Files\Crawler
C:\PROGRA~1\FLASHGET
Po restartu sem vlož log který ti vyběhne.
Ohledně připojení na internet zkus SREng:
Stáhni si SREng, rozbal ho do vlastní složky a spusť ho.
Klikni na System Repair a klikni na záložku Advanced Repair.
Poté klikni dole vlevo na tlačítko Winsock Reset. Objeví se ti hláška, že při této operaci nemáš prohlížet stránky, odesílat maily atd., tak klikni na OK.
Vyskočí ti další hláška kde odklikni Yes poté ti vyskočí další hláška kde odklikni OK a restartuj PC.
Poté řekni jestli máš (ještě) nějaké problémy s PC.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\^dmrfrtx
*******************
Script file located at: \??\C:\WINDOWS.0\qoftxuku.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Program Files\Crawler deleted successfully.
Folder C:\PROGRA~1\FLASHGET deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Explorer se mi snaží připojit po startu na portu 1900 na ip 239.255.255.250, já mu to na firewalu zakazuju, je to dobře?
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\^dmrfrtx
*******************
Script file located at: \??\C:\WINDOWS.0\qoftxuku.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Program Files\Crawler deleted successfully.
Folder C:\PROGRA~1\FLASHGET deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Explorer se mi snaží připojit po startu na portu 1900 na ip 239.255.255.250, já mu to na firewalu zakazuju, je to dobře?
Díky za pomoc!
Chriss