Virus Alert !! Vyřešeno
Virus Alert !!
Chytl jsem virus protoze vedle hodin mam napis VIRUS ALERT...na plose mi zmzeli nektere ikony a ostatni zamrzli jedine co mohu delat je ovladat minimum programu ve spodni liste..Z plochy se stal odkaz na nejake stranky..nechci na odkaz klikat abych nechytl dalsi virus..je tam napsano: "YOUR PRIVACY IS IN DANGER!" Download privacy protection software now" bohuzel nemohu poslat ani HJT log protoze se do programu nedostanu :( .
Re: Virus Alert !!
A jeste jsem zjisti ze obrazek lze zmensit a odsunout mysi do prava...ale ikony se mi porad nezobrazuji ty ktere mi zmizely.Mohu i zobrazit cestu souboru: soubor nese nazev spacer.gif a cesta je: file:///c:/WINDOWS/privacy_danger/images/spacer.gif mam cestu najit a smazat?? nebo mam zvolit jiny zpusob??
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Virus Alert !!
Nejlepší bude , pokud do compu dostaneš ComboFix, třeba na CD od kamaráda, pokud stahování nefunguje.
Pokud máš SpywareTerminátor vypni rezidentní štít.Odpoj se od sítě.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud máš SpywareTerminátor vypni rezidentní štít.Odpoj se od sítě.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Virus Alert !!
Myslim že probléém je vyřešen :) dokonce jsem i zprovoznil dlouho nefungující bránu firewall systemu windows ale pro jistou přikládám log z ComboFixu
ComboFix 08-09-05.03 - Lukin 2008-09-07 17:34:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1438 [GMT 2:00]
Spusteny z: C:\Documents and Settings\Lukin\Plocha\ComboFix.exe
* Vytvoren novy Bod Obnoveni
* Resident AV is active
VAROVANI - NA TOMTO POCITACI NENI NAINSTALOVANA KONZOLA PRO ZOTAVENI !!
.
((((((((((((((((((((((((((((((((((((((( Ostatni vymazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Lukin\Local Settings\Temporary Internet Files\MAILTRAN.INI
C:\Documents and Settings\Lukin\Local Settings\Temporary Internet Files\TRNCOM.INI
C:\Documents and Settings\Lukin\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Lukin\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Lukin\Oblíbené položky\Spyware&Malware Protection.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\edno.exe
C:\WINDOWS\gksraemq.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\awttqOif.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\vanwxemgkmx.dll
.
((((((((((((((((((((((((( Soubory vytvorene od 2008-08-07 do 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 16:12 . 2008-09-07 14:19 143,360 --a------ C:\WINDOWS\sxmaokgf.exe
2008-09-07 13:35 . 2004-01-05 14:04 38,871 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-09-07 13:35 . 2006-07-16 15:45 29,236 --------- C:\WINDOWS\hpoins03.dat.temp
2008-09-06 23:07 . 2008-09-06 23:07 <DIR> d-------- C:\Program Files\Google
2008-09-06 23:07 . 2008-04-08 01:16 9,200 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-06 23:07 . 2008-04-08 01:16 9,072 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-06 23:02 . 2008-09-06 23:02 <DIR> d-------- C:\Program Files\filehippo.com
2008-09-06 22:30 . 2008-09-06 22:30 <DIR> d-------- C:\Program Files\Longman
2008-09-06 22:20 . 2008-09-06 22:20 <DIR> d-------- C:\Program Files\Uniblue
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-06 20:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-06 20:10 . 2008-09-06 20:10 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-06 20:09 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Nokia
2008-09-06 19:19 . 2008-09-06 19:19 <DIR> d-------- C:\Program Files\Fireluke
2008-09-06 18:58 . 2008-09-06 18:58 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 18:28 . 2008-09-06 18:28 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2008-09-06 18:28 . 2008-09-06 18:32 <DIR> d-------- C:\Documents and Settings\Lukin\Data aplikací\MyPhoneExplorer
2008-09-06 18:28 . 2008-09-06 18:44 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-09-06 16:29 . 2008-09-06 16:29 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 16:14 . 2008-09-06 16:19 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-06 15:51 . 2008-09-06 16:03 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2008-09-06 12:42 . 2008-09-06 12:42 <DIR> d-------- C:\Program Files\QIP Infium
2008-08-30 11:52 . 2008-08-30 11:52 <DIR> d-------- C:\Program Files\Skype
2008-08-29 19:18 . 2008-08-29 19:18 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-08-16 18:10 . 2008-08-16 18:10 <DIR> d-------- C:\Documents and Settings\Lukin\.idlerc
2008-08-15 15:07 . 2008-08-15 15:11 <DIR> d-------- C:\Program Files\ICQ6
2008-08-14 11:27 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 11:26 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 15:18 . 2008-08-10 15:18 <DIR> d-------- C:\Program Files\VisualConnection
2008-08-10 15:18 . 2008-08-10 16:50 <DIR> d-------- C:\Documents and Settings\Lukin\Data aplikací\CTVoD
.
(((((((((((((((((((((((((((((((((((((((( Find3M vypis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 15:31 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\Skype
2008-09-07 14:14 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\uTorrent
2008-09-06 22:24 --------- d-----w C:\Program Files\Portable Driver Genius Professional Edition 2007 v7.1.0.622
2008-09-06 20:40 --------- d-----w C:\Program Files\Down2Home
2008-09-06 19:17 --------- d-----w C:\Program Files\TVUPlayer
2008-09-06 18:19 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\PC Suite
2008-09-06 18:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-09-06 13:44 --------- d-----w C:\Program Files\QIP
2008-08-20 15:40 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\ICQ
2008-08-15 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 14:05 1,296,896 ----a-w C:\WINDOWS\system32\SPort.dll
2008-07-27 14:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 11:55 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-01 16:38 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-02-07 12:20 22,328 ----a-w C:\Documents and Settings\Lukin\Data aplikací\PnkBstrK.sys
2006-07-18 13:41 1,019,094 -csha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2008-05-25 18:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat
.
(((((((((((((((((((((((((((((((((( Spousteci body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznamka* prazdne zaznamy & legitimni vychozi udaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-01-20 192000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-07-07 204288]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-06 20034600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 339968]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-08 949376]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2007-11-27 2631376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" /background
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"AGRSMMSG"=AGRSMMSG.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
R1 VRVD302;VRVD302;C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-03-01 11296]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 gHidPnp;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidPnp.Sys [ ]
S3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [ ]
S3 gMouUsb;USB Mouse Device Drv;C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-02 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efaae3d6-d06b-11db-8de8-001731946640}]
\Shell\AutoRun\command - H:\Autorun\UbiAutorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Obsah adresare 'Naplanovane ulohy'
.
- - - - NEPLATNE POLOZKY ODSTRANENE Z REGISTRU - - - -
Toolbar-{B766F1CE-A1FD-448E-A03D-5C68DB7F1EC3} - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\wvUmJAqN.dll
Notify-wvUmJAqN - wvUmJAqN.dll
.
------- Doplnkovy sken -------
.
FireFox -: Profile - C:\Documents and Settings\Lukin\Data aplikací\Mozilla\Firefox\Profiles\z5lpfsvy.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 17:37:03
Windows 5.1.2600 Service Pack 3 NTFS
skenovani skrytych procesu ...
skenovani skrytych polozek 'Po spusteni' ...
skenovani skrytych souboru ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Knihovny navazane na bezici procesy ---------------------
PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Celkovy cas: 2008-09-07 17:40:30
ComboFix-quarantined-files.txt 2008-09-07 15:39:17
Pre-Run: Volných bajtů: 43,301,924,864
Post-Run: Volných bajtů: 43,365,564,416
189 --- E O F --- 2008-09-06 10:10:21
ComboFix 08-09-05.03 - Lukin 2008-09-07 17:34:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1438 [GMT 2:00]
Spusteny z: C:\Documents and Settings\Lukin\Plocha\ComboFix.exe
* Vytvoren novy Bod Obnoveni
* Resident AV is active
VAROVANI - NA TOMTO POCITACI NENI NAINSTALOVANA KONZOLA PRO ZOTAVENI !!
.
((((((((((((((((((((((((((((((((((((((( Ostatni vymazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Lukin\Local Settings\Temporary Internet Files\MAILTRAN.INI
C:\Documents and Settings\Lukin\Local Settings\Temporary Internet Files\TRNCOM.INI
C:\Documents and Settings\Lukin\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Lukin\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Lukin\Oblíbené položky\Spyware&Malware Protection.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\edno.exe
C:\WINDOWS\gksraemq.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\awttqOif.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\vanwxemgkmx.dll
.
((((((((((((((((((((((((( Soubory vytvorene od 2008-08-07 do 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 16:12 . 2008-09-07 14:19 143,360 --a------ C:\WINDOWS\sxmaokgf.exe
2008-09-07 13:35 . 2004-01-05 14:04 38,871 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-09-07 13:35 . 2006-07-16 15:45 29,236 --------- C:\WINDOWS\hpoins03.dat.temp
2008-09-06 23:07 . 2008-09-06 23:07 <DIR> d-------- C:\Program Files\Google
2008-09-06 23:07 . 2008-04-08 01:16 9,200 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-06 23:07 . 2008-04-08 01:16 9,072 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-06 23:02 . 2008-09-06 23:02 <DIR> d-------- C:\Program Files\filehippo.com
2008-09-06 22:30 . 2008-09-06 22:30 <DIR> d-------- C:\Program Files\Longman
2008-09-06 22:20 . 2008-09-06 22:20 <DIR> d-------- C:\Program Files\Uniblue
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-06 20:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-06 20:10 . 2008-09-06 20:10 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-06 20:09 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Nokia
2008-09-06 19:19 . 2008-09-06 19:19 <DIR> d-------- C:\Program Files\Fireluke
2008-09-06 18:58 . 2008-09-06 18:58 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 18:28 . 2008-09-06 18:28 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2008-09-06 18:28 . 2008-09-06 18:32 <DIR> d-------- C:\Documents and Settings\Lukin\Data aplikací\MyPhoneExplorer
2008-09-06 18:28 . 2008-09-06 18:44 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-09-06 16:29 . 2008-09-06 16:29 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 16:14 . 2008-09-06 16:19 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-06 15:51 . 2008-09-06 16:03 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2008-09-06 12:42 . 2008-09-06 12:42 <DIR> d-------- C:\Program Files\QIP Infium
2008-08-30 11:52 . 2008-08-30 11:52 <DIR> d-------- C:\Program Files\Skype
2008-08-29 19:18 . 2008-08-29 19:18 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-08-16 18:10 . 2008-08-16 18:10 <DIR> d-------- C:\Documents and Settings\Lukin\.idlerc
2008-08-15 15:07 . 2008-08-15 15:11 <DIR> d-------- C:\Program Files\ICQ6
2008-08-14 11:27 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 11:26 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 15:18 . 2008-08-10 15:18 <DIR> d-------- C:\Program Files\VisualConnection
2008-08-10 15:18 . 2008-08-10 16:50 <DIR> d-------- C:\Documents and Settings\Lukin\Data aplikací\CTVoD
.
(((((((((((((((((((((((((((((((((((((((( Find3M vypis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 15:31 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\Skype
2008-09-07 14:14 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\uTorrent
2008-09-06 22:24 --------- d-----w C:\Program Files\Portable Driver Genius Professional Edition 2007 v7.1.0.622
2008-09-06 20:40 --------- d-----w C:\Program Files\Down2Home
2008-09-06 19:17 --------- d-----w C:\Program Files\TVUPlayer
2008-09-06 18:19 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\PC Suite
2008-09-06 18:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-09-06 13:44 --------- d-----w C:\Program Files\QIP
2008-08-20 15:40 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\ICQ
2008-08-15 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 14:05 1,296,896 ----a-w C:\WINDOWS\system32\SPort.dll
2008-07-27 14:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 11:55 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-01 16:38 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-02-07 12:20 22,328 ----a-w C:\Documents and Settings\Lukin\Data aplikací\PnkBstrK.sys
2006-07-18 13:41 1,019,094 -csha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2008-05-25 18:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat
.
(((((((((((((((((((((((((((((((((( Spousteci body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznamka* prazdne zaznamy & legitimni vychozi udaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-01-20 192000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-07-07 204288]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-06 20034600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 339968]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-08 949376]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2007-11-27 2631376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" /background
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"AGRSMMSG"=AGRSMMSG.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
R1 VRVD302;VRVD302;C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-03-01 11296]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 gHidPnp;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidPnp.Sys [ ]
S3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [ ]
S3 gMouUsb;USB Mouse Device Drv;C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-02 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efaae3d6-d06b-11db-8de8-001731946640}]
\Shell\AutoRun\command - H:\Autorun\UbiAutorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Obsah adresare 'Naplanovane ulohy'
.
- - - - NEPLATNE POLOZKY ODSTRANENE Z REGISTRU - - - -
Toolbar-{B766F1CE-A1FD-448E-A03D-5C68DB7F1EC3} - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\wvUmJAqN.dll
Notify-wvUmJAqN - wvUmJAqN.dll
.
------- Doplnkovy sken -------
.
FireFox -: Profile - C:\Documents and Settings\Lukin\Data aplikací\Mozilla\Firefox\Profiles\z5lpfsvy.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 17:37:03
Windows 5.1.2600 Service Pack 3 NTFS
skenovani skrytych procesu ...
skenovani skrytych polozek 'Po spusteni' ...
skenovani skrytych souboru ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Knihovny navazane na bezici procesy ---------------------
PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Celkovy cas: 2008-09-07 17:40:30
ComboFix-quarantined-files.txt 2008-09-07 15:39:17
Pre-Run: Volných bajtů: 43,301,924,864
Post-Run: Volných bajtů: 43,365,564,416
189 --- E O F --- 2008-09-06 10:10:21
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Virus Alert !!
Vlož sem ještě log z HJT.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Virus Alert !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12, on 2008-09-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Lukin\Plocha\Torrenty\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: (no name) - {B766F1CE-A1FD-448E-A03D-5C68DB7F1EC3} - (no file)
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2798444000
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2817888046
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.airport-nuernberg.de/_/tools ... ontrol.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.99.180.2/activex/AMC.cab
O20 - Winlogon Notify: wvUmJAqN - wvUmJAqN.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10883 bytes
Scan saved at 18:12, on 2008-09-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Lukin\Plocha\Torrenty\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: (no name) - {B766F1CE-A1FD-448E-A03D-5C68DB7F1EC3} - (no file)
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2798444000
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2817888046
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.airport-nuernberg.de/_/tools ... ontrol.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.99.180.2/activex/AMC.cab
O20 - Winlogon Notify: wvUmJAqN - wvUmJAqN.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10883 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Virus Alert !! Vyřešeno
Fix HJT:
Pokud je comp O.K. dej vyřešeno (fajfka).
Kód: Vybrat vše
O3 - Toolbar: (no name) - {B766F1CE-A1FD-448E-A03D-5C68DB7F1EC3} - (no file)
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: wvUmJAqN - wvUmJAqN.dll (file missing)Pokud je comp O.K. dej vyřešeno (fajfka).
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 3 hosti