ComboFix 07-09-27 - Administrator 2001-09-26 18:39:26.1 - FAT32x86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.33 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Plocha\internet.lnk
C:\WINDOWS.0\system32\_000006_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2001-08-26 to 2001-09-26 )))))))))))))))))))))))))))))))
.
2001-09-26 18:38 51,200 --a------ C:\WINDOWS.0\NirCmd.exe
2001-09-26 17:45 <DIR> d-------- C:\Programs\Trend Micro
2001-09-26 17:29 <DIR> d-------- C:\!KillBox
2001-09-26 17:13 1,334 --a------ C:\WINDOWS.0\system32\tmp.reg
2001-09-26 16:35 <DIR> d-------- C:\Programs\Online Video Add-on
2001-09-23 18:08 <DIR> d-------- C:\WINDOWS.0\ShellNew
2001-09-20 11:08 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2001-09-20 00:03 82,944 --------- C:\WINDOWS.0\system32\dllcache\wdmaud.sys
2001-09-20 00:03 6,400 --------- C:\WINDOWS.0\system32\dllcache\splitter.sys
2001-09-20 00:03 27,648 --------- C:\WINDOWS.0\system32\dllcache\jgpl400.dll
2001-09-20 00:03 172,416 --------- C:\WINDOWS.0\system32\dllcache\kmixer.sys
2001-09-20 00:03 163,840 --------- C:\WINDOWS.0\system32\dllcache\jgdw400.dll
2001-09-20 00:02 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2001-09-13 19:30 89,184 -ra------ C:\WINDOWS.0\system32\drivers\imagedrv.sys
2001-09-13 19:30 569,344 -ra------ C:\WINDOWS.0\system32\imagr5.dll
2001-09-13 19:30 544,768 -ra------ C:\WINDOWS.0\system32\imagx5.dll
2001-09-13 19:30 38,912 -ra------ C:\WINDOWS.0\system32\picn20.dll
2001-09-13 19:30 283,920 -ra------ C:\WINDOWS.0\system32\ImagXpr5.dll
2001-09-13 19:29 155,648 -ra------ C:\WINDOWS.0\system32\NeroCheck.exe
2001-09-13 19:29 <DIR> d-------- C:\Programs\Common Files\Ahead
2001-09-13 19:29 <DIR> d-------- C:\Programs\Ahead
2001-09-11 20:10 <DIR> d--h----- C:\Programs\InstallShield Installation Information
2001-09-11 20:10 <DIR> d-------- C:\Programs\CyberLink
2001-09-10 21:24 <DIR> d-------- C:\Programs\SiS7012
2001-09-10 21:23 <DIR> d-------- C:\Programs\Common Files\InstallShield
2001-09-10 21:22 <DIR> d-------- C:\unzipped
2001-09-10 20:01 304,640 --a------ C:\WINDOWS.0\IsUn0405.exe
2001-09-10 20:01 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2001-09-08 11:16 <DIR> d--hs---- C:\FOUND.000
2001-08-27 12:37 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-11 15:51 --------- d-------- C:\Programs\Hewlett-Packard
2007-08-11 15:51 --------- d-------- C:\Programs\Common Files\Hewlett-Packard
2007-08-09 20:04 --------- d-------- C:\Programs\HP
2007-08-09 20:04 --------- d-------- C:\Programs\Common Files\HP
2007-08-09 19:57 --------- d-------- C:\Programs\QIP
2007-08-06 12:14 --------- d-------- C:\Programs\microsoft frontpage
2007-04-20 22:29 142976 --a------ C:\WINDOWS.0\system32\drivers\usbport.sys
2007-04-20 20:34 80000 --a------ C:\WINDOWS.0\system32\drivers\parport.sys
2007-04-20 20:34 63744 --a------ C:\WINDOWS.0\system32\drivers\mf.sys
2007-04-20 20:34 61824 --a------ C:\WINDOWS.0\system32\drivers\nic1394.sys
2007-04-20 20:34 60800 --a------ C:\WINDOWS.0\system32\drivers\arp1394.sys
2007-04-20 20:34 58112 --a------ C:\WINDOWS.0\system32\drivers\vdmindvd.sys
2007-04-20 20:34 51712 --a------ C:\WINDOWS.0\system32\drivers\tosdvd.sys
2007-04-20 20:34 46336 --a------ C:\WINDOWS.0\system32\drivers\p3.sys
2007-04-20 20:34 4352 --a------ C:\WINDOWS.0\system32\drivers\swenum.sys
2007-04-20 20:34 41216 --a------ C:\WINDOWS.0\system32\drivers\amdk7.sys
2007-04-20 20:34 40832 --a------ C:\WINDOWS.0\system32\drivers\amdk6.sys
2007-04-20 20:34 40320 --a------ C:\WINDOWS.0\system32\drivers\crusoe.sys
2007-04-20 20:34 39168 --a------ C:\WINDOWS.0\system32\drivers\processr.sys
2007-04-20 20:34 30080 --a------ C:\WINDOWS.0\system32\drivers\modem.sys
2007-04-20 20:34 262528 --a------ C:\WINDOWS.0\system32\drivers\cinemst2.sys
2007-04-20 20:34 25472 --a------ C:\WINDOWS.0\system32\drivers\sonydcam.sys
2007-04-20 20:34 23936 --a------ C:\WINDOWS.0\system32\drivers\usbcamd2.sys
2007-04-20 20:34 23808 --a------ C:\WINDOWS.0\system32\drivers\usbcamd.sys
2007-04-20 20:34 23040 --a------ C:\WINDOWS.0\system32\drivers\mouclass.sys
2007-04-20 20:34 21376 --a------ C:\WINDOWS.0\system32\drivers\tsbvcap.sys
2007-04-20 20:34 18688 --a------ C:\WINDOWS.0\system32\drivers\cdaudio.sys
2007-04-20 20:34 16000 --a------ C:\WINDOWS.0\system32\drivers\usbintel.sys
2007-04-20 20:34 15488 --a------ C:\WINDOWS.0\system32\drivers\mssmbios.sys
2007-04-20 20:34 12928 --a------ C:\WINDOWS.0\system32\drivers\ndisuio.sys
2007-04-20 20:34 12416 --a------ C:\WINDOWS.0\system32\drivers\tunmp.sys
2007-04-20 20:34 12160 --a------ C:\WINDOWS.0\system32\drivers\fsvga.sys
2007-04-20 20:34 12032 --a------ C:\WINDOWS.0\system32\drivers\riodrv.sys
2007-04-20 20:34 12032 --a------ C:\WINDOWS.0\system32\drivers\rio8drv.sys
2007-04-20 20:34 12032 --a------ C:\WINDOWS.0\system32\drivers\nikedrv.sys
2007-04-20 20:34 11776 --a------ C:\WINDOWS.0\system32\drivers\cpqdap01.sys
2007-04-20 20:29 360576 --a------ C:\WINDOWS.0\system32\drivers\tcpip.sys
2007-04-20 20:24 225664 --a------ C:\WINDOWS.0\system32\drivers\tcpip6.sys
2007-04-20 20:24 163456 --a------ C:\WINDOWS.0\system32\drivers\nwrdr.sys
2007-02-09 13:10 574464 --a------ C:\WINDOWS.0\system32\drivers\ntfs.sys
2006-08-21 11:14 128896 --a------ C:\WINDOWS.0\system32\drivers\fltMgr.sys
2006-08-14 12:34 332928 --a------ C:\WINDOWS.0\system32\drivers\srv.sys
2006-07-13 10:48 202240 --a------ C:\WINDOWS.0\system32\drivers\RMCast.sys
2006-06-14 11:00 82944 --a------ C:\WINDOWS.0\system32\drivers\wdmaud.sys
2006-06-14 10:47 6400 --a------ C:\WINDOWS.0\system32\drivers\splitter.sys
2006-06-14 10:47 172416 --a------ C:\WINDOWS.0\system32\drivers\kmixer.sys
2006-05-05 11:47 174592 --a------ C:\WINDOWS.0\system32\drivers\rdbss.sys
2006-05-05 11:41 453120 --a------ C:\WINDOWS.0\system32\drivers\mrxsmb.sys
2006-03-17 02:33 262784 --a------ C:\WINDOWS.0\system32\drivers\http.sys
2006-02-15 02:22 142464 --a------ C:\WINDOWS.0\system32\drivers\aec.sys
2005-06-10 06:11 139528 --a------ C:\WINDOWS.0\system32\drivers\rdpwd.sys
2004-09-30 00:28 134912 --a------ C:\WINDOWS.0\system32\drivers\ipnat.sys
2004-08-17 15:49 40840 --a------ C:\WINDOWS.0\system32\drivers\termdd.sys
2004-08-17 15:49 21896 --a------ C:\WINDOWS.0\system32\drivers\tdtcp.sys
2004-08-17 15:49 12040 --a------ C:\WINDOWS.0\system32\drivers\tdpipe.sys
2004-08-17 15:45 73344 --a------ C:\WINDOWS.0\system32\drivers\sr.sys
2004-08-17 15:43 58240 --a------ C:\WINDOWS.0\system32\drivers\redbook.sys
2004-08-17 13:45 800000 --a------ C:\WINDOWS.0\system32\drivers\dmboot.sys
2004-08-17 13:45 24576 --a------ C:\WINDOWS.0\system32\drivers\kbdclass.sys
2004-08-17 13:45 153856 --a------ C:\WINDOWS.0\system32\drivers\dmio.sys
2004-08-17 13:44 64640 --a------ C:\WINDOWS.0\system32\drivers\serial.sys
2004-08-17 13:44 52480 --a------ C:\WINDOWS.0\system32\drivers\volsnap.sys
2004-08-17 13:44 52352 --a------ C:\WINDOWS.0\system32\drivers\i8042prt.sys
2004-08-17 13:44 39936 --a------ C:\WINDOWS.0\system32\drivers\intelppm.sys
2004-08-17 13:43 68736 --a------ C:\WINDOWS.0\system32\drivers\pci.sys
2004-08-17 13:43 188288 --a------ C:\WINDOWS.0\system32\drivers\acpi.sys
2004-08-17 13:43 119808 --a------ C:\WINDOWS.0\system32\drivers\pcmcia.sys
2004-08-03 23:15 60800 --a------ C:\WINDOWS.0\system32\drivers\sysaudio.sys
2004-08-03 23:15 145792 --a------ C:\WINDOWS.0\system32\drivers\portcls.sys
2004-08-03 23:15 140928 --a------ C:\WINDOWS.0\system32\drivers\ks.sys
2004-08-03 23:08 60288 --a------ C:\WINDOWS.0\system32\drivers\drmk.sys
2004-08-03 23:08 48640 --a------ C:\WINDOWS.0\system32\drivers\stream.sys
2004-08-03 23:08 31616 --a------ C:\WINDOWS.0\system32\drivers\usbccgp.sys
2004-08-03 23:08 10624 --a------ C:\WINDOWS.0\system32\drivers\gameenum.sys
2004-08-03 23:07 52864 --a------ C:\WINDOWS.0\system32\drivers\DMusic.sys
2004-08-03 23:07 41088 --a------ C:\WINDOWS.0\system32\drivers\SISAGP.SYS
2004-08-03 23:07 2944 --a------ C:\WINDOWS.0\system32\drivers\drmkaud.sys
2004-08-03 23:01 25856 --a------ C:\WINDOWS.0\system32\drivers\usbprint.sys
2004-08-03 23:01 196864 --a------ C:\WINDOWS.0\system32\drivers\rdpdr.sys
2004-08-03 22:58 7552 --a------ C:\WINDOWS.0\system32\drivers\MSKSSRV.sys
2004-08-03 22:58 5376 --a------ C:\WINDOWS.0\system32\drivers\MSPCLOCK.sys
2004-08-03 22:58 4992 --a------ C:\WINDOWS.0\system32\drivers\MSPQM.sys
2004-08-03 22:58 15104 --a------ C:\WINDOWS.0\system32\drivers\usbscan.sys
2004-08-03 22:29 1897408 --a------ C:\WINDOWS.0\system32\drivers\nv4_mini.sys
2004-08-03 21:15 107904 --a------ C:\WINDOWS.0\system32\drivers\mup.sys
2004-08-03 21:14 91776 --a------ C:\WINDOWS.0\system32\drivers\ndiswan.sys
2004-08-03 21:14 74752 --a------ C:\WINDOWS.0\system32\drivers\ipsec.sys
2004-08-03 21:14 63744 --a------ C:\WINDOWS.0\system32\drivers\cdfs.sys
2004-08-03 21:14 51328 --a------ C:\WINDOWS.0\system32\drivers\rasl2tp.sys
2004-08-03 21:14 49664 --a------ C:\WINDOWS.0\system32\drivers\classpnp.sys
2004-08-03 21:14 48384 --a------ C:\WINDOWS.0\system32\drivers\raspptp.sys
2004-08-03 21:14 182912 --a------ C:\WINDOWS.0\system32\drivers\ndis.sys
2004-08-03 21:14 162816 --a------ C:\WINDOWS.0\system32\drivers\netbt.sys
2004-08-03 21:14 143360 --a------ C:\WINDOWS.0\system32\drivers\fastfat.sys
2004-08-03 21:14 138496 --a------ C:\WINDOWS.0\system32\drivers\afd.sys
2004-08-03 21:08 57600 --a------ C:\WINDOWS.0\system32\drivers\usbhub.sys
2004-08-03 21:08 36224 --a------ C:\WINDOWS.0\system32\drivers\hidclass.sys
2004-08-03 21:08 24960 --a------ C:\WINDOWS.0\system32\drivers\hidparse.sys
2004-08-03 21:08 17024 --a------ C:\WINDOWS.0\system32\drivers\usbohci.sys
2004-08-03 21:07 79744 --a------ C:\WINDOWS.0\system32\drivers\videoprt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}]
2001-09-26 17:33 11264 --a------ C:\Programs\Online Video Add-on\isfmdl.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"= C:\Programs\Online Video Add-on\ictmdl.dll [2001-09-26 16:35 63488]
[HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programs\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"DisableStatusMessages"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS.0\system32\drivers\sis7012.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
.
Contents of the 'Scheduled Tasks' folder
"2001-09-26 16:04:08 C:\WINDOWS.0\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#998409835.job"
- C:\Programs\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2001-09-26 16:04:14 C:\WINDOWS.0\Tasks\WebReg 20010926180411.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 18:46:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
Completion time: 2007-09-27 18:47:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-27 18:47
.
--- E O F ---
Poradí někdo ohledně zrušení Security Toolbar7.1? (Vyřešeno) Vyřešeno
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Na log se ti podívám. ale bude to chvíli trvat.
K logu z HJT, nemáš tam vůbec žádné zabezpečení. Minimálně si tam zatím doinstaluj antivir.
Otestuj zatím některý z těchto souborů na VirusTotall a vlož sem výsledek.
C:\Programs\Online Video Add-on\ictmdl.dll
C:\Programs\Online Video Add-on\isfmdl.dll
C:\Programs\Online Video Add-on\icthis.exe
C:\Programs\Online Video Add-on\isfmntr.exe
Zatím ještě Pc projeď tímto a vlož sem z něho log.
Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >
Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.
K logu z HJT, nemáš tam vůbec žádné zabezpečení. Minimálně si tam zatím doinstaluj antivir.
Otestuj zatím některý z těchto souborů na VirusTotall a vlož sem výsledek.
C:\Programs\Online Video Add-on\ictmdl.dll
C:\Programs\Online Video Add-on\isfmdl.dll
C:\Programs\Online Video Add-on\icthis.exe
C:\Programs\Online Video Add-on\isfmntr.exe
Zatím ještě Pc projeď tímto a vlož sem z něho log.
Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >
Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/27/2007 at 08:38 PM
Application Version : 3.9.1008
Core Rules Database Version : 3313
Trace Rules Database Version: 1316
Scan type : Complete Scan
Total Scan Time : 00:26:18
Memory items scanned : 317
Memory threats detected : 4
Registry items scanned : 3552
Registry threats detected : 17
File items scanned : 20494
File threats detected : 93
Trojan.Media-Codec/V4
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTHIS.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTHIS.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICMNTR.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICMNTR.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTMDL.DLL
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTMDL.DLL
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ISFMDL.DLL
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ISFMDL.DLL
[some] C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTHIS.EXE
HKLM\Software\Classes\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\Implemented Categories
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\InprocServer32
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}#xxx
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}\InprocServer32
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Programs\Online Video Add-on\icthis.exe ]
C:\Programs\Online Video Add-on\isfmntr.exe
C:\Programs\Online Video Add-on\isfun.exe
C:\Programs\Online Video Add-on\icun.exe
C:\Programs\Online Video Add-on\isfmm.exe
C:\Programs\Online Video Add-on\ictun.exe
C:\Programs\Online Video Add-on\ts.ico
C:\Programs\Online Video Add-on\ot.ico
C:\Programs\Online Video Add-on
HKU\S-1-5-21-507921405-113007714-1060284298-500\Software\Online Add-on
C:\WINDOWS.0\Prefetch\ISFMNTR.EXE-1A20C8AC.pf
C:\WINDOWS.0\Prefetch\ICTHIS.EXE-39ECBFC5.pf
C:\WINDOWS.0\Prefetch\ISFMM.EXE-38A3135B.pf
C:\WINDOWS.0\Prefetch\ICMNTR.EXE-1D80F2AF.pf
C:\WINDOWS.0\Prefetch\ISFUN.EXE-307A091A.pf
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@counter16.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter11.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@movies.spacash[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornbeach[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@please[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultadworld[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@please[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.viruslocker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.malwareburn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter6.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexlist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@amateur-porn-links[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xxxcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.theporntoplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@please[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@18.freepornsexgalleries[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@paycounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@in[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.counter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fpc[1].txt
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\OBLíBENé POLOžKY\ONLINE SECURITY TEST.URL
Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F77B5FEF-9B21-4C90-BCFF-AC0FF43E5FE9}\RP17\A0004091.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\block_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\logo_bot[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\slogan[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\line_dotted[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\main[1].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\home[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_company_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_privacy[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\fl_sep[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_affiliates[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\b_r[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\btn_get[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\icon_update[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\blur[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\logo_top[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\logo[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\test[1].swf
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\nav_r[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\r[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\b_l[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\nav_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_support_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\style[2].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\fl_l[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\top_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\bul[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_download[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\flag_uk[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\h[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\special_offer[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\flash_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\button_company[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\button_buy[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\screen[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\flag_fr[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\main_bg_fill[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_support[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_features[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\email[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\features[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\images[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_buy_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\button_privacy_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\bn_download[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\icon_scan[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\top_bg[1].gif
http://www.superantispyware.com
Generated 09/27/2007 at 08:38 PM
Application Version : 3.9.1008
Core Rules Database Version : 3313
Trace Rules Database Version: 1316
Scan type : Complete Scan
Total Scan Time : 00:26:18
Memory items scanned : 317
Memory threats detected : 4
Registry items scanned : 3552
Registry threats detected : 17
File items scanned : 20494
File threats detected : 93
Trojan.Media-Codec/V4
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTHIS.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTHIS.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICMNTR.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICMNTR.EXE
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTMDL.DLL
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTMDL.DLL
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ISFMDL.DLL
C:\PROGRAMS\ONLINE VIDEO ADD-ON\ISFMDL.DLL
[some] C:\PROGRAMS\ONLINE VIDEO ADD-ON\ICTHIS.EXE
HKLM\Software\Classes\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\Implemented Categories
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\InprocServer32
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}#xxx
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}\InprocServer32
HKCR\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Programs\Online Video Add-on\icthis.exe ]
C:\Programs\Online Video Add-on\isfmntr.exe
C:\Programs\Online Video Add-on\isfun.exe
C:\Programs\Online Video Add-on\icun.exe
C:\Programs\Online Video Add-on\isfmm.exe
C:\Programs\Online Video Add-on\ictun.exe
C:\Programs\Online Video Add-on\ts.ico
C:\Programs\Online Video Add-on\ot.ico
C:\Programs\Online Video Add-on
HKU\S-1-5-21-507921405-113007714-1060284298-500\Software\Online Add-on
C:\WINDOWS.0\Prefetch\ISFMNTR.EXE-1A20C8AC.pf
C:\WINDOWS.0\Prefetch\ICTHIS.EXE-39ECBFC5.pf
C:\WINDOWS.0\Prefetch\ISFMM.EXE-38A3135B.pf
C:\WINDOWS.0\Prefetch\ICMNTR.EXE-1D80F2AF.pf
C:\WINDOWS.0\Prefetch\ISFUN.EXE-307A091A.pf
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@counter16.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter11.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@movies.spacash[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornbeach[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@please[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultadworld[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@please[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.viruslocker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.malwareburn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter6.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexlist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@amateur-porn-links[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xxxcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.theporntoplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@please[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@18.freepornsexgalleries[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@paycounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@in[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.counter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fpc[1].txt
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\OBLíBENé POLOžKY\ONLINE SECURITY TEST.URL
Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F77B5FEF-9B21-4C90-BCFF-AC0FF43E5FE9}\RP17\A0004091.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\block_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\logo_bot[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\slogan[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\line_dotted[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\main[1].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\home[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_company_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_privacy[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\fl_sep[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_affiliates[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\b_r[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\btn_get[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\icon_update[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\blur[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\logo_top[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\logo[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\test[1].swf
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\nav_r[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\r[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\b_l[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\nav_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_support_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\style[2].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\fl_l[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\top_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\bul[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_download[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\flag_uk[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\h[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\special_offer[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\flash_bg[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\button_company[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\button_buy[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\screen[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\flag_fr[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\main_bg_fill[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\button_support[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_features[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YH0ST3MW\email[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\features[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\images[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\button_buy_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\button_privacy_pressed[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0A2LM5O\bn_download[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSI1QQW4\icon_scan[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8OOA112L\top_bg[1].gif
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:31, on 27.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programs\CyberLink\PowerDVD\PDVDServ.exe
C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programs\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programs\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programs\WinZip\WZQKPICK.EXE
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programs\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programs\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programs\internet explorer\iexplore.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O4 - HKLM\..\Run: [RemoteControl] C:\Programs\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programs\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
--
End of file - 2754 bytes
Scan saved at 20:52:31, on 27.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programs\CyberLink\PowerDVD\PDVDServ.exe
C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programs\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programs\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programs\WinZip\WZQKPICK.EXE
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programs\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programs\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programs\internet explorer\iexplore.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O4 - HKLM\..\Run: [RemoteControl] C:\Programs\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programs\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
--
End of file - 2754 bytes
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Log vypadá dobře ale jak jsem už psal nemáš vůbec zabezpečené PC.
Nainstaluj si antivir a projeď s ním Pc.
Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině, čeština by měla být asi až od verze 3 která by se měl objevit v brzké době
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině
Máš ještě problémy?
Nainstaluj si antivir a projeď s ním Pc.
Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině, čeština by měla být asi až od verze 3 která by se měl objevit v brzké době
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině
Máš ještě problémy?
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Google [Bot] a 5 hostů